umbral | hxxps://goo[.]su/poDL2

Resubmissions

04-02-2024 20:05

240204-yt7a5ahga6 1

04-02-2024 19:55

240204-ym9snshfa2 10

04-02-2024 19:51

240204-ykw4sshee8 10

Analysis

max time kernel
113s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/poDL2

Score

10^/10

umbral stealer

Malware Config

Signatures

Detect Umbral payload 1 IoCs

resource	yara_rule
behavioral1/memory/8476-570-0x0000021FC7F70000-0x0000021FC7FB0000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Executes dropped EXE 1 IoCs

pid	Process
8476	metainstaller.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515499468841176"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6152	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeRestorePrivilege	6152	7zFM.exe
Token: 35	6152	7zFM.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe
Token: SeShutdownPrivilege	3268	chrome.exe
Token: SeCreatePagefilePrivilege	3268	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
6152	7zFM.exe
224	7zG.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
3268	chrome.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe
6908	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 1272	3268	chrome.exe	64
PID 3268 wrote to memory of 1272	3268	chrome.exe	64
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 2460	3268	chrome.exe	87
PID 3268 wrote to memory of 3908	3268	chrome.exe	89
PID 3268 wrote to memory of 3908	3268	chrome.exe	89
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88
PID 3268 wrote to memory of 4712	3268	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://goo.su/poDL2
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafd2f9758,0x7ffafd2f9768,0x7ffafd2f9778
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3932 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3172 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4884 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5812 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5388 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6044 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6168 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6372 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6676 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7548 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7584 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7408 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7272 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7076 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7028 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7020 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6956 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6948 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6352 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8136 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7840 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8436 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8556 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8760 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8936 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8940 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8740 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9336 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9304 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9320 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9700 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10752 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10716 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10600 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10584 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10428 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10408 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9992 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10120 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9844 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11120 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9620 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11276 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9316 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11348 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11884 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11848 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:8084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=12236 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:8160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12400 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12592 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11276 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=12724 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:7820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11860 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:8280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=13012 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:1
  2⤵
  PID:8288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12148 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:8848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8980 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:8988
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\meta installer.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12976 --field-trial-handle=1872,i,13425796827595507154,15697944528500280904,131072 /prefetch:8
  2⤵
  PID:5344

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6264

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3774:90:7zEvent12446
1⤵
- Suspicious use of FindShellTrayWindow
PID:224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:6776

C:\Users\Admin\Downloads\meta installer\metainstaller.exe
"C:\Users\Admin\Downloads\meta installer\metainstaller.exe"
1⤵
- Executes dropped EXE
PID:8476
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:8876

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d953520eef04a7f704dfe97db53f6a7f

SHA1
55e37085e46991e0aeb58b2cc0dbc1a3c3c04e39

SHA256
7b14abffd2823cb808b20be179788d4ae316533eaeb954fb0c0fbee8f9fe0f47

SHA512
630b0cf4ba960966d41b512868e6ec54db4e270fe936a2ad8ff80ab7b7cc9b021c6b7eeda83744602edcccaeb3893f87a2b2270b8ca8ba9c409e98036d5b0b85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
af57fe280164d27ad089bc593b7b8bdf

SHA1
2c1fdd0564601b597b4508ad10ae65962087f0af

SHA256
d9f165c382b619322b802598c2f8a75db18b33eb93a66cf5b34d948d48e8c92b

SHA512
eb45fde3c1d5ee15f8b67b38161c29223f84628109f44c5a40993783a0b52ba51d12bed764f227d581f0bbd48dcea5373bda92e520528d2023aa64a0f9df2634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
17KB

MD5
cc38d5d0b3c52efa20bc1f904be6db7e

SHA1
862a6dfd55e0f1effa981e8b0811f0319fc60bc3

SHA256
494f62cf10395742f557ba1e3d6a0bb85092205bccfa0f335f4fd06686caf3cb

SHA512
76fe014c5a3d783144e3620da9570706d277576da2dd952dcec25a1083093b806b1c0da6ca888d7cbcfd5718f2330dd6f7af892e6b8b391b73df15e2d61d43c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0a1bc5faeebfee7e937801a19cfa6564

SHA1
d308c0d49728ca0d2ae629d9c66ccd78b6fb8a16

SHA256
6508008ff3e124ac1b0e3d59dfe392bfb1c2884ff16219f92e1fa37bdb13ba69

SHA512
956dce384718b0774d0563bb70c9da339d40c5dcb0aea9c049cb6f2e512a13e2d5d20f5bbd7f85d3d210737d8adfb8ca25e17c2013d33a90c8e088b55478c06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4347952e7335973c345de606653a3ad3

SHA1
46b839f402b626c8f5502fd0959eadd1bcfb76a4

SHA256
a39ffb5243b12df5aa00be0aeda83c7e5a4b53c45f932577768843f406137beb

SHA512
348ffe6f3f416bcb5133065c88666402f5288964be0b226ce79da24af4c7e7dc9455e5bb55077d7ea137f510da250f3fcf0c9670927b871c0e436a4e9de306fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b9953ce1f47ac82a25b759cd7ab9ca13

SHA1
b1308eaf53bc3f809b27ded30ab090da2fdfaaef

SHA256
6144ac5a1e6b020e928a3e555f47738576e5147113d4252cb91088adf098021a

SHA512
9a1907f850bb96b402d1e52a51d8c77f11014be75573c025b1abb6d1b48743c556f34e08b621a1f3f4b5880e4f35fadb043652cff339b0b91a7059e2b20ee21f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9fc08c6092b2988408aa9e5b74031496

SHA1
b576d38788cd62665435153b4ffd3a6b852ecda3

SHA256
fa7af69d4a8426a9c3db0ac7da974d3b594cd73031e30b9cec87ab888aa200da

SHA512
7525efb7cbb26e613e6b5f8263d20b1633fe85d0c8c19999b46a605d9a0ea048d3418ca3cc6f21f547bf5848d88d399d94293103b5fff0eca0a617b0af9c91f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\c95bbebf-3af7-4fb9-8375-034f6731c033.tmp

Filesize
6KB

MD5
be698c18c2b4144be9bbd8183b407856

SHA1
933d8ddb2f50ab2e4614d80b04bf62a5e0dbcb05

SHA256
a4210b01fbe428927b4ec5b8fb257bde75eb10e0a96be8fea65293b68d46ccfb

SHA512
23fd66073f0ee1e30658dab02e5b06d5db8f528735f2b0360dc7bc3a144e6d4d07f65c3ebaa5f80cadc56121370488b3daacbafc905b64e29211ae263b512860

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
000ba7b1a7272f124045b6724dab8794

SHA1
9656a43f64aa1fba3409ad47d209a5fa6ab7b187

SHA256
dc49ff4b1132c8b4777bfb97483325dc670f2d370a58371455a13655ff133224

SHA512
8391e9277e8f26fe4619e811868b7bdb83cef00eaee89f41dd0711e91cf72b42a7f661e700f4d2cfba00540cb167d01dd053dfe59ec0def27658b9d649a318f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
78ae5b9b40428a25e50e23a73c9245d2

SHA1
63dc8b3c7ece45718224fd3127145893656187fa

SHA256
a25cab3f486ffaef29e5cd960fe465bd4099848cdede3f6c2147842b8b19547c

SHA512
ff2cae110bf571840e45bf261ec03b66724d8d6d964d305b2b9fb50bfbea398107805bfa0a3eeacb89369f5aa413d004d8a5fbacf667bd7b8a122083d075abe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d736.TMP

Filesize
104KB

MD5
f5823550d2fc6ef7ddcf27aad4c40734

SHA1
d0c0b741d12fd9a6d0ca0c1c1f3eb4b9ec93e63d

SHA256
0ab9c87dc041cdb05ffebf270bb7d2908c4f9c9030cf9548beb2c2786fb013ee

SHA512
6f464eac2cf00c6737ba9a4c7d22f6f0c254c5706161ecb64eefdc484da326a684819886b53454076cb0b97d2a9fd5e8830bacc10fbd98798aa7713ae869afdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\meta installer.rar

Filesize
479KB

MD5
7f12cf4a52dc73ef22cb0a539fdfae17

SHA1
2a8ae148fcab75c7459f11296a39b106e3e59687

SHA256
9d59e2b871016bb73fb13018b3569920bae746e66265415cdc8e27106607b97b

SHA512
418f8aaa0e85a3f2c0623fae2af09fc42adc7bf5c9d0bc8ba6c99490797f1fb3fcb9e31d1a461482af41e2eb5814224fa955ad0d987bcfc0808a75c62c0b953f

Download Submit
memory/6908-587-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-584-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-581-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-582-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-577-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-576-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-575-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-583-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-586-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/6908-585-0x00000138D7CC0000-0x00000138D7CC1000-memory.dmp

Filesize
4KB

Download
memory/8476-572-0x0000021FE25A0000-0x0000021FE25B0000-memory.dmp

Filesize
64KB

Download
memory/8476-570-0x0000021FC7F70000-0x0000021FC7FB0000-memory.dmp

Filesize
256KB

Download
memory/8476-574-0x00007FFAEA040000-0x00007FFAEAB01000-memory.dmp

Filesize
10.8MB

Download
memory/8476-571-0x00007FFAEA040000-0x00007FFAEAB01000-memory.dmp

Filesize
10.8MB

Download