hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbmRlN2pzbUd1OUh3dGJjTXdlTzUxTUxXcUhad3xBQ3Jtc0ttRzNZZEFXeENYcUxLclBLQVdLdnlWYzZOajNTSkg4V2FQQUp6aFE5amxSYzZLQTZIWDV4ZnVGWVE2Vm4wSVdFdDQwQ2tUdi11ejItS1NHakUyWFpkdXhsWUdpUVpRZHhkZ3RMdk5wTm1BYkhuZFFfcw&q=https%3A%2F%2Fmboost[.]me%2Fa%2FcRC&v=9gayHw3njx8

Analysis

max time kernel
1799s
max time network
1789s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29/08/2024, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmRlN2pzbUd1OUh3dGJjTXdlTzUxTUxXcUhad3xBQ3Jtc0ttRzNZZEFXeENYcUxLclBLQVdLdnlWYzZOajNTSkg4V2FQQUp6aFE5amxSYzZLQTZIWDV4ZnVGWVE2Vm4wSVdFdDQwQ2tUdi11ejItS1NHakUyWFpkdXhsWUdpUVpRZHhkZ3RMdk5wTm1BYkhuZFFfcw&q=https%3A%2F%2Fmboost.me%2Fa%2FcRC&v=9gayHw3njx8

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
113	pastebin.com
114	pastebin.com
115	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133693917455472444"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
6664	chrome.exe
6664	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: 33	4880	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4880	AUDIODG.EXE
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe
Token: SeShutdownPrivilege	3328	chrome.exe
Token: SeCreatePagefilePrivilege	3328	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe
3328	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 428	3328	chrome.exe	73
PID 3328 wrote to memory of 428	3328	chrome.exe	73
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 3832	3328	chrome.exe	75
PID 3328 wrote to memory of 4388	3328	chrome.exe	76
PID 3328 wrote to memory of 4388	3328	chrome.exe	76
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77
PID 3328 wrote to memory of 4668	3328	chrome.exe	77

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmRlN2pzbUd1OUh3dGJjTXdlTzUxTUxXcUhad3xBQ3Jtc0ttRzNZZEFXeENYcUxLclBLQVdLdnlWYzZOajNTSkg4V2FQQUp6aFE5amxSYzZLQTZIWDV4ZnVGWVE2Vm4wSVdFdDQwQ2tUdi11ejItS1NHakUyWFpkdXhsWUdpUVpRZHhkZ3RMdk5wTm1BYkhuZFFfcw&q=https%3A%2F%2Fmboost.me%2Fa%2FcRC&v=9gayHw3njx8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc82a39758,0x7ffc82a39768,0x7ffc82a39778
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:2
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2052 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3824 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4872 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4720 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5252 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5772 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5564 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6076 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3648 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4564 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3424 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5880 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2952 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2972 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6192 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6720 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6864 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7076 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7212 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7012 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7400 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7728 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7532 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8100 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8044 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8528 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8536 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5264 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5040 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5184 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8876 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9024 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9188 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9212 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9164 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9168 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9348 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9844 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9976 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9532 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10460 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10656 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10660 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9500 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:6868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10928 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:8
  2⤵
  PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11040 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11188 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10152 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9788 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=11320 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=9372 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11592 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12124 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10468 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12108 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=11968 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=11036 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:1
  2⤵
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1788,i,11206511963961085319,15888115329832147760,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6664

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4452

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x380
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
143KB

MD5
0e2d6d4eee2257db76b0430a74ed672a

SHA1
f64af1fa5523dce190a4dccaa1ac1fb4922689f2

SHA256
ea9846b3dfb901a5cd46bf087999d3cf065a533e222a6891e515979ef64b7dbf

SHA512
28c1ba4defac9470a9dcff2b4788aaf9a2f5e7013a50b33b26b0a3ae955ebc8ff1f2fe3e0bc78e70167810a91e6cc7ea569db8c11656f3af8926ab3e6169eb69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
251KB

MD5
70a0197e463c78214bcaf4383a1cc62d

SHA1
ff7f211d6db63764716820a1138764f43569d808

SHA256
a914fd8830b130f0150b9577451dab1b0afa453bf92bd986c8e7963d8c51b5fa

SHA512
f8dd08ba631a253e718e328bd10d573a20cc6024ca5da850e4112b671634fd43b5e5c16819a4b160cd36c3b52761e0e129ef8de6ed1ef56af01ee459129f343e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a550ac9fd85159e857e5230e29660031

SHA1
383e30e7a0483546f8ad908fafbaeb600409802b

SHA256
0bb2e76feb25cb1d23ecb0006d7167d1f275e1c6d4f4a94b6c184da98777fbbc

SHA512
f858e44d3bf39883507cbe1a7a73120a03d84c4535a172dd7c12417ad4c096358735172bb253c2c251a856a5336705b99200f45f1e1bbea563d4b32f61d18a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
c56d1ead2e07685dcdcbf7f54007f3ac

SHA1
b6743accdb024c40ec4c8463b1b38c7490eef438

SHA256
973946c92e6770f03fa8f86b89ae3db81792ebb9f9f930c3b936725681ec3d31

SHA512
0ecdff340ec79e54289ed7a71168c8266859491df3a9da3720d79d030dfbb0180a44ebb8ff934bde59c67e3221e37bb838dfa2d25e52634bc15c1d93b24320fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
366a6d1fd00c49bd9a0c2fc1accad6aa

SHA1
1f6806819922d992540701c3e998a016396b49db

SHA256
e041bd2b64ecac64adfecc529b58d8388c9e36d7d973e1d3f321c15620d31d64

SHA512
b151ec28c8d779773ef8287ec214bed9c78ba64979ef217bae1c8b4a6a91a7968c0a7bd7ab96b09127e1f3cf85ea59bf1b30c0fb886e55f6aa92e1f5b766b8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
d5961a2a34507dbde215b4dd123972cd

SHA1
754516a718e7b0f0e5e0f17b15ce91cd2b264d36

SHA256
c6bbd47c4aedf215dab3dfc85bb7044abc34a6b95f745306e7b79a9e07bc6754

SHA512
0f84e5832ff56fe52d3f5573085bbd34f4df9c08667ee943d40527ca4236a4852ca9ae96969f0bab9918a2281b99e0172418dfe203841eede09dbd1cf1e079dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
f90746a121aafb7e22ace16154878062

SHA1
eb845d2f96e83c84793e8b832fa94679a474ee79

SHA256
f828a35004fbed79ec4cca79a88042d6da73abd4259ef10a72ec294e7e0465d0

SHA512
4faf3a3a6b7e8f5dfc44708932067e95065846550482c7746ff00262bd1e72943139dd52c48d23d0c1d9088ce1d48b6936968d12728f23dc8fb38154b77e9872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8af97849a1260702f90afad863c82315

SHA1
add1126911c741d0f45c63628e3667a8893cecce

SHA256
c4043c9da6482effa1d778150f4e532bb8f6cf02ee4347b82ca63f8d3fecb1fa

SHA512
3d97102d6ad18358d795caa5a8573dc410a8127d2fa7db989db611f60122ee36f68734c00d2616adacd9f5afdd989817837688ebdb2c004ca6f94382edffadba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a28c541b6657c1533e37a4083aa3f013

SHA1
0342e99ccb037a49c2ba89fe180fd9eefbe35e75

SHA256
f6babd5d40a40ee57168a76351a5e003fee54cd04b036061131103e3b506cdc4

SHA512
b5960fd8cb8e255975e637b5c8bfa04b29dbb7cd6b8c85c9590f92eee1614976958418eb42b9b13138640ecc063046738c9c342573fc62a32e828006d52d6b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5accbe0c3fba5e3f57d9e8c25acf69d2

SHA1
d3a410f9c0dcbe32ae616154937dce1e935c299e

SHA256
69cad45d532591730e15e10b64b8d69aa9a9d92414cf47867b483392fa633e41

SHA512
faa136bb13ae3a0256572a6fb004ebec63d1f705340f78f3e13f0fd1d9efa59f257356ee32949a61024bef0db0b045b37997f0357bdfed6c34438250819a0311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6aff79c2dcb0c2553af2b49c37ec3438

SHA1
aa7559ce91b68f4fd415bd79c1ea2209e772509e

SHA256
924869c0e7d226b38c585c10a8d7dd4f25d29e9e30e1bf8df6dddd44f7ac4afd

SHA512
66d69bd83f5e13c589aaa8bbbc000431d6d67dcad573799eee947973686b0a1c61694b87634433cba7d085dd96723d645c4f0be2109190cc7ead046ee3a4f08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4d8b613ec06d1f4b1e168e7cbba5e8a8

SHA1
adcf626aa60a8a60d9b862a8ca8037c190a9f95f

SHA256
84cf343e5114045d2be607bdaa34561775aeb24328a989474a5cbe103b47d8f8

SHA512
dbc1b28bd4149b1bcf1d8a2e09960b2e8ae01bd0e8ef86b48a919ae37b265da908c8ce5af46130fe2c25b839cfed4f31b8ead54345f0386327fcd280c43e1be1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\36133179-2ae1-4366-aa16-aa7caab7eaba\index-dir\the-real-index

Filesize
2KB

MD5
b581ae93e5b2df40335a2f4f3afbd758

SHA1
8124675d568de0dd26a7b24e7fff3a72a04cf294

SHA256
2171de6ca2201d13df1cd18733b44f406db2e3312464a5c7ab39d8970578980e

SHA512
86cf448bd8290082d39a0156a4174ae80c35b2d174574692f91aec5b83363ca335d89739e03da4093959acf5cc953f117ba9053ea5df8ac6bdaf9f563b59d6cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\36133179-2ae1-4366-aa16-aa7caab7eaba\index-dir\the-real-index~RFe57e62a.TMP

Filesize
48B

MD5
4ffa3868b3faab541b821769dd97342f

SHA1
9c5579b037654eaa2fc7f4d20698c07fb0e29229

SHA256
34dce3f5a8ac3456faba56eee9855a55d5c169b467c559229a958ef46a1afedf

SHA512
e54186575bce091a2f79a54da6a99d20388441bec0fea87cadea9836ba28c9676c8dfe480efd2480bfd90bb99fba633e643fa107fdf7f374f5c55bc97d3c6738

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bd25889-7c34-4c51-a42e-d09a7cfd371c\index-dir\the-real-index

Filesize
624B

MD5
ed1e441d4210965668729e5300bc5db2

SHA1
598bcc6c3c6adc7f9d57b6208cb7d149c98b5854

SHA256
618138b396dd75a5c8dc3317deacc76cb2fea1bcdd874442fcf4047f565108e1

SHA512
29e8a1717491c86857b29ce16bd945fccf0928a9f3ff8e8db8b4bb2dc6afe4f685779f4460d2c9513cf4051dc0b9db35340aa46ea7e523e768269972935b3f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\6bd25889-7c34-4c51-a42e-d09a7cfd371c\index-dir\the-real-index~RFe57e966.TMP

Filesize
48B

MD5
0b273d76a4075a6fbfd174a0dc1ce380

SHA1
f0a048c36d198cb3f0c34d4cd12b1249308b8802

SHA256
82c76fcefda952b1ff6f4cee32356a7e364d0e920627a3f4e504c4cfa08d25ca

SHA512
4a6b005f1c266470f4a56ce110daacd92d50cf999eb2cf5e57642981bc66dc5f95e369023fb5dfb8074393064455a1b9aecf0f1d0cd72668043f02d4dc023902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
4875aaed8961b67261ac4a8cdc3cf3cb

SHA1
4b4b7c96b00c3d9669617dd0adbbdf2ccfac73a6

SHA256
0b4f1f788d161396e856e8dae49813671177548daf74b9514600e0af5c9399f0

SHA512
21c66b0e485306adb4c48aef29820474a57a0a7e28743591eb3d207f13d316e04ec9eb3bcd9df22a2c3fe19200c8def0aba0f7a91ef2ddc605c4c85f2d43c99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
186B

MD5
d69b56ed577f92af8d77ba443292bde4

SHA1
b2e78147f07d90f5df6668f8f7c1aa56eac4c58a

SHA256
fa905d45c1c56e72b84ef265608d42ae506829c0474c45acbbfb7684ee21e094

SHA512
cf952fc0a0683636ee4b722a585105047e29c8d6daaaf2fa878ffc0eb94e913a5f9ca1e7ca90c6461d99b4c97d69012e611c82e168adcf29962189d6ff79b736

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
20a73ee70d10606eb1a226f0fcab6eba

SHA1
638242adcd4b6ad49882d319e15510c5e7cef0fc

SHA256
c5ff0f4d46829f257138392d374a4b358cbec3b889a13ff07fc7107f31dc9b16

SHA512
a50267d9ddc3ee940d0b2cb76fd7f4cf005e1920a9731c93f148cd0e58ed077586d6d0681a0a2076e70e8d0645f68c1b27ca441c1af74cbf661d5060e95785bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
fec4ab5166b5acedbeddda6e69ed2c3d

SHA1
8ca579ab714205a81ce7d01b3f91d7f2a92e8e62

SHA256
3e27a444992c9eec6d9ce76942db12000649606e9b3b09dc8c72d8ee11ac6a12

SHA512
3b451199cc051532810cf14bff94c46ac7e0aaa4626e33a9822c2e899ca8ac1f09784c2df1cddd3e2d431be986bcccaff933f501dfec5c6fb44070cbf303eb02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57900b.TMP

Filesize
119B

MD5
71f44bdf1d48ac5e192965830ee65446

SHA1
7eba63171177ba12d12d0f68e243caf0d5a15b14

SHA256
a68924fa05aae1532514515aeb9fe49335f241107abecdea7e9358deb0e73d65

SHA512
7e483adfc108e3d8290d72b47f8f1a6858e3b3c6ce1e7c3581e20266ca9f7329f7f52b368f6cd6b712238d5d7b2c61026220cff37c6b7e386e7ba0fed9bc1204

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
17KB

MD5
9e375e6652a3e7649287e3a24a2e4481

SHA1
d540df42ed602ab0dd0dea60d3d91833ee761463

SHA256
a4bf4e0605a2fd92ab6214b1426fc52ff24c6d1f79a3d61bc785a0960ee0f2d8

SHA512
9d6b874c585f2ce1621cbc58777cdf7ebfb54b6f0c00e4d0b4769db8d90d0eea83fad970d12d99a5ed94c6d4a411e2fdf81e1534f5dc152c24b119b76a6fb3d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
11KB

MD5
d5fcb04753e6f55bfbfa47acb5388b6e

SHA1
a651c2e57a0a4c06e3a32614d4bb0fab1b9a9606

SHA256
7945611c9437ff910b6a07167f47ac7644b1b57ab3fef9a860344df21869652d

SHA512
ac598979a07053562b2c98a0a0bea53c4902d77dafc5e46899ab3e68fee590db77cd7cf37371e857262217ba80fefd43517c25f734de2a7abf841ef69000860b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
154KB

MD5
ddd7e51428466fd3668d1b06d7c850dd

SHA1
5f4b55cfff6debe84f13afcbccd5be87c1b12405

SHA256
2f1c2c362781fd4b4e640251649890546648645713deb817a4f72dc55da958ba

SHA512
11872cd0b7a480b2db3863c2898d2e48dd4da3060fee16f63c01269cdbe29024f0027094e419d076cd3d2619a428bcc096193ee90ae4f852fd3ecf2aee838718

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
365KB

MD5
9a84860e9d685cfdf012631f1a7a7b67

SHA1
3d72c5844c3364b3c5aab3c46f183ad445beea3b

SHA256
a36d602383cf4ebf817f3a8bbe1058b7c904d0afb83f54f5b4dfb93a7ad464da

SHA512
6d87a001e42989cfdeb3f87bdcd6b09d0487dc1dcd666b77e02a33a8efb4896a3b16f1d187b79ed8932b2172622efeb34a1fe30a3b0a8b9a2cc8a2df14da15bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ba666ed4c8cd9dbd5c26265934696d15

SHA1
bbe685e7434af988b0c6a5606a3144c142b4387c

SHA256
86b5a01ff9fe88ea8a2fe59f63ecd7c5b0f3b8f598a06309ed6fb67006d6491b

SHA512
6173e134b624ac04fe7c7a85b8bcedf7b43f18b420848f214aa16bba6996160e9854942d1aa73081824410678fa1ab4ae187d2babff32c9150d1c477cea1ced7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e000.TMP

Filesize
48B

MD5
b201b298b848618366085a4085678d90

SHA1
d0209fad2fa29b82eb68c989ef52f1859190e441

SHA256
29d7ad06e0749971cab1999ff993e3f238ed294271f67a500d946d49c53454c4

SHA512
0628212c5dd233786b32d77a54bbef7ff232a75dbab336dedf7785eb87c8a2bee02586d38bf6bdf3bbce1b75b4e5ce488887376825e0ca5547451c6ba7f84113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
7c3085507704792a3f28939e2ed9c230

SHA1
9866581a65faa69924a404ea9c5c209d111f0305

SHA256
4f8cf81dc1a54ac702b49963208132d7a75ec99eb062809b82c864c7142e72a8

SHA512
6cd0291d21e76935ad3bdddab741ac143c8992b2d0c1899967c7cdc38dacce47facc22b91b3d71a9bbf00418ac2915c9d3731d99e546d6abf1c066f97cf24242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
137KB

MD5
5bbfefe4537408c043295e2a89a4d077

SHA1
d3114a0b9e5bcb2110d62743bc9b3e1be6f8cf41

SHA256
d984bab9b791ffdc9ca6d469ed1c35d096df53641028aac90f681f9fce906b9d

SHA512
bf3f78e0b9ca94eb24b7c8322fdbcb6c28972f40bc822aa40455f52b714100c3d5fb952077a008fbaeb4590e7017d4da0978b7fd1da05947f7234a6f5ee747a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
ce52673aeb7b8de8a0bed1f2a129dede

SHA1
f2b00b8de9eb6641b2a2984f4e2aeeba21d7ca46

SHA256
2483ee143a72c0da62b70db029c6b357cbb9126153ea54eb2440e04ae14f9c3b

SHA512
6541e53bf84763168ef0f72f32bfc0a94c8148c4f32023abc2dcbf2051ef636f57e026bdd7081f34a5ebd80c9a3be73b00859060546b96875ae0bf8a50996272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
157KB

MD5
73b085daeee43c87aef7ef5bd10c4b3c

SHA1
05923bbb7af2f85d8199b2fe146a7909b267e0d2

SHA256
20c230ad5282207b84e396de56e3526f261dcf8477015c3b5daf73f37d68ece2

SHA512
fad196a913107d191a4f2006b7ca991362d32e192891473685bf6a7a01ed7186d8e0e130a9389b5bf612fd4dda2f5190ad729c620b31ce70682c94c181a8d476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
138KB

MD5
31ad85cf95e2d724da1bb2bbd5ada641

SHA1
538fd58d156e8ba950b67083018e6c77ea2c5b35

SHA256
0fcfbb732630a20053180932e2df6132ee75545900cb76dfb2d55b80663adf19

SHA512
ef7d35fa1f0bd1b6da454242affa672acb90716b2952c5c0b8f7599091af1bb154b77697a4cb249cbe00cf91872657ed082bc5b7ff10a945b020abc00be1ba6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
566cc91be07418f119f1bad749f9011a

SHA1
f25ce0ebe84669d7256637805287095917f06344

SHA256
5c4ed261a7a462bb928f59e7ef619a86daece298872489feb01fceec9297f0b4

SHA512
8a7992131fb06744097973fe3834d9e6d2f258f6555e9415d226126eafa7d19f7d371ea5ea862f367f88f244fb5c93dea7539beaa51b4a4a66bf49bf212cd9b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57ec06.TMP

Filesize
98KB

MD5
8be9b25e374d0083ac2860bbd38f9424

SHA1
1ffde3355ec511e2f49a509954af021822c48c1d

SHA256
7a766ea87ede2513eb86698efc33e6fa41cf6895b716af6a0c295436b0d1707a

SHA512
562ed0b072fad1e414283d88d54976048b65e8a5aa53f47a71cd742e737842c174a41daa693d1b30561d2c9c80f03a25f843c80227e3a700cb45e18c9ee59021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit