hxxps://www[.]onworks[.]net/software/windows/app-free-robux

Resubmissions

23/01/2025, 00:35

250123-axbfvsvjaj 10

23/01/2025, 00:32

250123-avxlbatjhz 1

23/01/2025, 00:29

250123-as1vystjcs 7

Analysis

max time kernel
126s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2025, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.onworks.net/software/windows/app-free-robux

Score

7^/10

discovery pyinstaller

Malware Config

Signatures

Executes dropped EXE 11 IoCs

pid	Process
5432	troglodyte1.1.exe
2080	troglodyte1.1.exe
3908	troglodyte1.1.exe
5420	troglodyte1.1.exe
4952	troglodyte1.1.exe
5796	troglodyte1.1.exe
5260	troglodyte1.1.exe
5380	troglodyte1.1.exe
3176	troglodyte1.1.exe
5384	troglodyte1.1.exe
6132	troglodyte1.1.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0002000000021ee1-587.dat	pyinstaller

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133820657929665081"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe
Token: SeShutdownPrivilege	4864	chrome.exe
Token: SeCreatePagefilePrivilege	4864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
3280	7zG.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe

Suspicious use of SendNotifyMessage 63 IoCs

pid	Process
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
4864	chrome.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe
2232	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4688	4864	chrome.exe	85
PID 4864 wrote to memory of 4688	4864	chrome.exe	85
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 2272	4864	chrome.exe	86
PID 4864 wrote to memory of 4144	4864	chrome.exe	87
PID 4864 wrote to memory of 4144	4864	chrome.exe	87
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88
PID 4864 wrote to memory of 2480	4864	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.onworks.net/software/windows/app-free-robux
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa173acc40,0x7ffa173acc4c,0x7ffa173acc58
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1648,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1632 /prefetch:2
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4844,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5004,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4964,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4404,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5440,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5396,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5780,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5944,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6072,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=6248,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5972,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5704,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5916,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6720,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6880,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6840,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5472,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6352,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7172,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7196,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7472,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5716,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7444,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7884,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7720 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7848,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8244,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8228,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8308,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8320 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6912,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7720,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7956,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7340,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=6996,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=5212,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6268,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=8112,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8832 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=8088,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8096,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=6952,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9180 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=8124,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9204 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4012,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7184 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6216,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=5256,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=6876,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=8964,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=5792,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=7828,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8520,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=6476,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=6420,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=4924,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=6180,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5000,i,12557396615584963657,16216101394930564532,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5596

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\freerobux\" -spe -an -ai#7zMap14665:80:7zEvent18235
1⤵
- Suspicious use of FindShellTrayWindow
PID:3280

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\freerobux\free robux\README.txt
1⤵
PID:4172

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5432

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:2080

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:3908

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5420

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:4952

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5796

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5260

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5380

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:3176

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:5384

C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe
"C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe"
1⤵
- Executes dropped EXE
PID:6132

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9347884f-a461-44c0-84b1-e8d16b575d56.tmp

Filesize
11KB

MD5
f8aa832ed05ebeda1af74ff4f3856d1b

SHA1
8ad059ca2ac69c4eb729f33dbd9d94d0c6abbc2d

SHA256
b794f2fec3b3956c530e578e0bdf75868e18e386dff2a4712cc14d3d8a4ce31f

SHA512
e051ca6e8a5d60ff43101d69724060b6d22679ee786b4ce6f0dbe4372bfe2ab23d3fa6c8a221af4cc871af46af0af10b820e09068086701aff5056609db5f7b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
0ccef4bfa2e24f61a93bd3e1d327c4ba

SHA1
1b91b826218f3e0f7dec45901e945f46afa02189

SHA256
734b5d8bfabbdb317fe1428f0eaa073d1ae4a5ee3c45321c513adc15aa8a6b01

SHA512
4aea8e045053393e4b8b882c10783c06e4710620864c485acf4c67c7c8dc1311a5fd421435c6c38c541935c2f71bd6996a32cf14c56cc086c43e871dd3487f78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
43KB

MD5
1ba5dc1117344ce502d22630408d00d8

SHA1
3e45e7f85b0d1f2ca8e359a348818772284497f0

SHA256
c29a4f1a87cb2005301913838b0b34a4a773c5f21152534d21316efe5b131d60

SHA512
15f77b4ba8a7329f6f8dfea8428e145295ecf32cefa9f0accb53c69a3a5dac5d15947bf8cfd68c886bc934d57eb48b06b770f5c9aa042d6928a37256381565a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc5f2b195eea57f1fc4c3c878f1f2d02

SHA1
cc71086ba18473220e669fff366fbcb8296ec43f

SHA256
6ee0e84946ab19839ceb37f359245ed69bac462c995025bb8ec1fa945391639c

SHA512
4c861f76a585cf48ff76e4cadb23d7dfa38b3f93994bd8c1b952b2dae79fa51423c30802ad54e84f9df2ed2bbcd302f9f6538be5ed5d4f0e1a879a00c104723f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
27KB

MD5
7016707446d4270654f0d9e6c5badec9

SHA1
ef4ebb6c0516a6d8e6144a5f81bdf1b0c1bde7ad

SHA256
756bb5215f9319b0cbad619354459572e8dc84d29f624e4707e453313ce95a68

SHA512
7a76a0906e5e33e250edf34771dbccf4fc61a28e9431a2c1a917f219802695651cc023e2e2c85355d2dd806a3570622e75a630c1e9ab346e8dbbb2987294e4fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c7897d68b345ee4099db00b281531bf7

SHA1
b45f0c2636b70e21087ba6f3cfd31d5085a6311a

SHA256
c7a567e7665508fa2a52d4af692ef2cb7cdcd24460105dfd1f1f3a75fbfaf79d

SHA512
434935476c33da0e7fb65c831fb91b526b7a92bdae192ed11d07cc8d5713970c8781f0252ed79e2cac92d759d53d07fc0f6a4ab35f9f0e390cb7a5993eb9d47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fcb701477d411bd030468a1ff8b897fb

SHA1
856edea33693804e8dca7d9056871c7eb8332cde

SHA256
0adeaed52d97b8ba584e1776c19c1f5e945c659b9f278cd01a3fa885d18e94ff

SHA512
d7c5c5fe35109c49d9500b255900b7661512a9e94759692f1af173d47b8bed0b9277a16913a9a771ecaf7b0cec3fdb3c180213c17d65739cfd6349cf8ce6bf4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
993dc6318dcf46db72e000ae348af384

SHA1
954a5a17ab5e9bbf5630c35e786b7575f42a8a5f

SHA256
52a950eef972de68fb08bcf4ecdd8037e99093c96e6c2618ad38c8a33f82edd8

SHA512
a3c760e098f9c36b44b3181de2ea3af3f7cd997810481ccabacabb6b44255e4e18a2639cfd4c89aa56001804c7f19090809549170f01bb0b14992bf7f3b39f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9c01156374dce32f9056c40734297e94

SHA1
98f2a92ba6bee4d0652aa9757776402dc066a1d5

SHA256
1a70f63dc3884eb8ec8a43ad1766cc462cdc25cfecb3954f11f5d4a61a63f163

SHA512
9815cdf6b2343c6ed3caa1bda8d2d90e2d218edc228f79c6d346143af6a83d7857bc9bae07a84b4f07952d406011fdcb3719649e5c2ff4e35a714311a973664a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7e42fe9abe416f09d5fceaa9ca237a72

SHA1
fdc0e5da0731ec91eabaf79ae292ac250cb0554f

SHA256
fd69fe95cfeb0e5561998beb09b8c559aa0baa6095f1420dec7c68d097452021

SHA512
777480481790c720d9816bbe5f267a63a748eca2921f9d9b83259c2a937b54f3c06461228e00b9a362394f0e688439acac113ff88ba3526dac75d12b3abfd010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2cba445babdc0af9d4035fcb8aa4e0dc

SHA1
e563cb23af26308a08485067b7228f51dcc47bbd

SHA256
579f464301c807ade347e1bd1b28fbaec221a7125d49f3ffa05cf80932a70dc5

SHA512
1762921d18402b6db18e2828aa35a1c611198a4cc4379fb8c8f57924db45115fb68b636c1c8c106fb8c748a2c1ecae58039474bd818563c04c571f68eb02b77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
295289206a66bdbfc27861bc450c0215

SHA1
5a9a26877e0dc9e13f33a73aea2f3d63ee70417e

SHA256
8343fd91ee3cb8e483fdb1704f3716c08caf3e736a3ee37a4a492f5870788947

SHA512
787a0c3a76234aef76951da30f8d85ea0eb5b8bb2465bb816f615d2c2b9e71075bd67fac7c439368ddea0f19640606b67a911179439cf81ad1f308ad252acc28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
24baa47c37862d3f875a960f7bf9d375

SHA1
db42d310854e14fb85eb0a5e6a4c64eb72b195d7

SHA256
8cdcd1b424f46efca6b5437a108d9074622cc128801f26222f462ec4a2b2a575

SHA512
50de02bd10f7d757b4a7ea28a8d62f613d4bcc9091c2e0841947aa96b0aced1e91430fb4c3a7f275c906d44503751b5345a2c2cae79bba6c2f0b70ae621024b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01a4d75037ae289f4726e4c721c14615

SHA1
facd45105639b648a962d4cbf1798676e925f6ac

SHA256
58e1fc104b058fe194abac51f6cfe4ebe295ba3b6b666b0d98bf156bd8a5bfc2

SHA512
222c7c2ae5ce4674e2dee401a18dd222e404dbe6c7a6269cf562c95e66b1bd3a40eb6bd5fc4f3a6dbdf547c2b957c381f71a5267f0630a8004114a518f31820e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
89ba60565672c951e4a00a75b37b0949

SHA1
4790e62cfd10636e9b35f6d3fe3868935f658db5

SHA256
93497670f7d4bcf7d60ab93b2ab88362cdcced2cc2fdf9bb37edb42d6c39846c

SHA512
03b593575122b3451b18e6bc75f88726d6fce918fb12f394b9b463c37eaba9668a38431fce0e4d61ad911c7991cf148cdfb0ca8a3b4b8035b8d52143d8e9a547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
a4f93fe175302077d852f1e6c7360ea1

SHA1
6e838a1152f944c66dbf1659e77d24082c1e5e09

SHA256
2a72292be5bce212aba8d95a00de3b13177ddb5e274e612a1b3c37ab461bfaf6

SHA512
00cb267d050e25b317a68bedd9e44d635509685a0337ef8e66f0a0a533dadff936c4ad6cec917d1634170fbd1cb0d13f3a54fbeae81f8b13c6860c8d81e1d13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
450c0a2f737737e87dfc0686d5088d8f

SHA1
ac3ffd2e234bd4a3db8cc5b03fdcc67dc4c23df1

SHA256
a01e830bec52d743233ad252c5986f9b47adf4e0e9729bdd719c3cfa02fbaafa

SHA512
3d75771b2e882e3a9ef9f92eef68a566bdbc33fdad989f019f0430581c181b72a3d616bd64cdc23209ac854b6346a66a7be07faca1a7cf496d8a0b7f800d5da8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b4f148deb192cd843fcd58fb43def734

SHA1
68ecd5c493bc22d3f34805e8a925527f1df8e966

SHA256
8c9fd37e300521fd8b53281088f61a2d3490030bf10ce7c1d6acaa0dfc3b4d0f

SHA512
85221bb31255320dffaece2f0d14e6fe9c7cbcfefcf2810a78044c9ce20fd288c37c2cd774ff58ef7b2ce05f74e3bd60ce487543b458de740223c0a28f4131ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c459f14c4d2a2c2900ff6339ac6403b0

SHA1
73adea60bc30b00e27a7fc8e82430714dfab2cec

SHA256
93de3f923485af402396f0548628031bdb46f20d60b22b4f798325a34c230358

SHA512
1e34cd62dfa1187960b91f0df8e1204d801662878db7515f0ac437f1edf45ba81dc4b517aa0800b475728304c8723e8b00d74e1f7b9ff4f2b8f724275ea9c513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1a2ab6c020b2e41b4d9d382570ccce27

SHA1
c4ad9723390a1bfc51995014b668f0e9235888fc

SHA256
49c4c145a760acfed20c002b40be795b5f7529e26a19ee9f8e916860f57a5bee

SHA512
5a3663074c301a9518c7509af40a441343fb64a409ac50cbcdccf5474e28d11fdcbf7cc58bc1c778abf27eecf624c5e9240a98cdece34bb6a45e74f0df0c8a64

Download Submit
C:\Users\Admin\Downloads\freerobux.zip

Filesize
1.5MB

MD5
ae052b21e59a2a598de27e546fc530ba

SHA1
bec76f3e4d4dca8aab8aca08d5967d21589c8fa6

SHA256
4e02795aae09edffb4b1d637928319abebe5b7c38c3c3b9619e5d20270205b45

SHA512
41909b7aad45db559f724e3380a3dde107678c44b53626481b5fed37bfd668d6086ee80b4e5a2f3f4d5532cdd00817d2dc01ce544391ec8836bfcb2ffb728cfb

Download Submit
C:\Users\Admin\Downloads\freerobux\free robux\README.txt

Filesize
27B

MD5
c619719e972de2522313d136538d0821

SHA1
017bb23e40d66e303cfd94c739b5b1d80ccc7729

SHA256
5ddd2908412b3abce8fd03ea3a7ed2523aae1abda0ac68729749fc120766485e

SHA512
1573a7ea7ba692d1065b5eeecc424b5ec2d43836c1e9aae1a598f91d915dbc365dca9de1c1fd28d603c1f00cf07a8b1b95bdde56da1d73db6a52a08af77784d7

Download Submit
C:\Users\Admin\Downloads\freerobux\free robux\troglodyte1.1.exe

Filesize
1.6MB

MD5
9f6a8ee3a31a55e7ebaed6d6e7e18bd0

SHA1
f0d0614b44265db8c811d3a057e8d5381df8df00

SHA256
c5d6c3c34eb313a5ecd261873f7a246d409465d3d607ee58d963f612ff6af7fe

SHA512
282036d8c327a7db48a34c2f091d7e2d99e48b35ab5beeaa002845fb2161d27f4053fcd5a7828d361cc802ec8d6fa533d6db0b1c289ecb72c755a3d983197ad6

Download Submit
memory/2232-622-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-612-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-611-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-621-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-620-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-619-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-618-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-617-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-616-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download
memory/2232-610-0x000002F5D2F40000-0x000002F5D2F41000-memory.dmp

Filesize
4KB

Download