povertystealer | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbXNVRVVRWHFNT3p3N2owUXc0RXBDN3Z4Y25JUXxBQ3Jtc0ttRFBEakRFMHJ4YlY1SllkMTI2Qmx5V2xQN3pseUN6eUcyZzZyb3dHejNpZThUTm9nLUJQakZFWVFQQTBjcGI0d2RnQ2NEallKUm5qU1YyMzdOdUFDcUpzVmw5ZXpTYS1jZXN2MTc0WFdjR0xjVU5Qbw&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fv29nva4zio2as%2FGMS&v=8z0_rh3V1u8

Analysis

max time kernel
144s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2024 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXNVRVVRWHFNT3p3N2owUXc0RXBDN3Z4Y25JUXxBQ3Jtc0ttRFBEakRFMHJ4YlY1SllkMTI2Qmx5V2xQN3pseUN6eUcyZzZyb3dHejNpZThUTm9nLUJQakZFWVFQQTBjcGI0d2RnQ2NEallKUm5qU1YyMzdOdUFDcUpzVmw5ZXpTYS1jZXN2MTc0WFdjR0xjVU5Qbw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fv29nva4zio2as%2FGMS&v=8z0_rh3V1u8

Score

10^/10

povertystealer redline infostealer stealer

Malware Config

Extracted

Family

redline

45.15.156.142:33597

Signatures

Detect Poverty Stealer Payload 8 IoCs

resource	yara_rule
behavioral1/memory/7400-637-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7400-640-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7524-642-0x0000000002440000-0x0000000004440000-memory.dmp	family_povertystealer
behavioral1/memory/7400-644-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7400-646-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7400-648-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7400-656-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer
behavioral1/memory/7400-662-0x0000000000400000-0x000000000040A000-memory.dmp	family_povertystealer

Poverty Stealer
Poverty Stealer is a crypto and infostealer written in C++.
stealer povertystealer
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/memory/6832-615-0x0000000000820000-0x0000000000874000-memory.dmp	family_redline
behavioral1/memory/7288-657-0x0000000000780000-0x00000000007D4000-memory.dmp	family_redline

Executes dropped EXE 2 IoCs

pid	Process
6832	setup.exe
7524	Installer.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 7524 set thread context of 7400	7524	Installer.exe	158

Program crash 2 IoCs

pid	pid_target	Process	procid_target
7804	6832	WerFault.exe	151
6276	7288	WerFault.exe	159

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133517042488266380"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1155165157-2721788668-771323609-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
6892	chrome.exe
6892	chrome.exe
7096	7zFM.exe
7096	7zFM.exe
7096	7zFM.exe
7096	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
7096	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1424	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4260	5008	chrome.exe	58
PID 5008 wrote to memory of 4260	5008	chrome.exe	58
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4952	5008	chrome.exe	82
PID 5008 wrote to memory of 4900	5008	chrome.exe	79
PID 5008 wrote to memory of 4900	5008	chrome.exe	79
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78
PID 5008 wrote to memory of 4996	5008	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbXNVRVVRWHFNT3p3N2owUXc0RXBDN3Z4Y25JUXxBQ3Jtc0ttRFBEakRFMHJ4YlY1SllkMTI2Qmx5V2xQN3pseUN6eUcyZzZyb3dHejNpZThUTm9nLUJQakZFWVFQQTBjcGI0d2RnQ2NEallKUm5qU1YyMzdOdUFDcUpzVmw5ZXpTYS1jZXN2MTc0WFdjR0xjVU5Qbw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fv29nva4zio2as%2FGMS&v=8z0_rh3V1u8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbaba69758,0x7ffbaba69768,0x7ffbaba69778
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2180 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2952 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1560 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:2
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4688 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:1784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4728 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3200 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5712 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5796 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5724 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5560 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3828 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5272 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7428 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7288 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7140 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6972 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6712 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7768 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7632 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7912 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6576 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6432 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6412 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7580 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8492 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8468 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8428 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:5796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9236 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9456 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9640 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9020 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9620 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10088 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=10216 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9184 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10204 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10684 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10052 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10392 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10656 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10388 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=11384 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11544 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10668 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=11536 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11192 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:6444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11992 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11380 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11080 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12348 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10104 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=12196 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12000 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12008 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=12760 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:7612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=13216 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10164 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=828 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10140 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=2332 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=12724 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:1
  2⤵
  PID:8824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13656 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=13884 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14008 --field-trial-handle=1816,i,13766616071457002601,14780812363725152285,131072 /prefetch:8
  2⤵
  PID:7048
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\installerV2.rar"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  PID:7096
- - C:\Users\Admin\AppData\Local\Temp\7zO8BBDB919\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO8BBDB919\setup.exe"
    3⤵
    - Executes dropped EXE
    PID:6832
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 1004
      4⤵
      Program crash
      PID:7804
- - C:\Users\Admin\AppData\Local\Temp\7zO8BB03019\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO8BB03019\Installer.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:7524
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      4⤵
      PID:7400
- - C:\Users\Admin\AppData\Local\Temp\7zO8BBAF9E9\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO8BBAF9E9\setup.exe"
    3⤵
    PID:7288
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 1004
      4⤵
      Program crash
      PID:6276

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3640

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6832 -ip 6832
1⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 7288 -ip 7288
1⤵
PID:7368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
756afb1d5cbdb311a007b19939fb62c3

SHA1
6dff714b1cb43c3be8607b3acdf9865f9c0690e1

SHA256
a925d3b5c1f49e7fab70613cf82643cd1c8bbfb1ee7abd69b0a639ac8c8dd5fe

SHA512
43b7fced9ff5be96ab805252182526855e90e29f1b1d4de865605685196150390f556d8ca2535fbaf2833faa09bc0dd450bf3ccda21668610fadbfd874312d4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000046

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
cfcd455202fc89a5b0ce472e1e533ce5

SHA1
00ddbb4e2aed2a6b2e1ee192f07f9835a68c6718

SHA256
a27fb85c42ded33c1668c61b0a8ea988356e2ba1d4632cf4b2588c28b2b8e2f3

SHA512
24e5f3c0f343f6209015514fb011b704d1c3bd37aaf0dc50feffd4c51c976d9ae60154f9237e9cee745b5a60e2c9aa45951b2211fa8d1b698e678e889a9d3d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\33bebacf-cee3-4549-a5db-4bc7d0ca0e2c.tmp

Filesize
5KB

MD5
a4e5c169173ca336f5b8b395b82ade66

SHA1
1e326cfa855f4c35968ca457681762fafc594c9c

SHA256
fe012def2c81669e7fb52065e119936bf676b4dcda364ac4d522006badb30cbf

SHA512
e629f85e5b6a8072e6da3c354db17c0b474a6656a28b962a62b1bf461607df22f2925788af482bde9e9f3807df07df14a16b9e94821b60d2b762063c111a1e21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
b3d721531129e72b3767f4c1870c6efa

SHA1
db42e170373597d2cd03b8fea59bfa60920ba46a

SHA256
4c7dda6fd885e348c7485d97ef693eded2442b0064f4767b9049313da9366f87

SHA512
a080fc7a5d011602b577a58765a366efd3ab047413bc5098b3ca27955345c8ec6a2a0343ba0abdd5e22a192a041e3fda3c0b60f4905e4f015fd0818cf036f61b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
72bd61d2c2c73b79aa0ed99567f045b9

SHA1
b60a74f8e924d153a56d4f4ad828b18e7faaaab4

SHA256
4564a31f09852aa9d9cf09c9ff04e6d819f60c8406233ea4374495d2d1f5454a

SHA512
a1d6e48bc0571e6dde88e51edad5f686893784cf8c738c76117dbee216d99f0a6ef8ffc06ac66a16ed719042f9e6d55be00adf4a52d749b152d1f1e480f188e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
00a8d1e66cfa82acaf983eaafc36f56a

SHA1
a15c6cfda908a7e138327a17e4a150744b7e1dde

SHA256
05db054c7a00904684ab9db6eaae9d95da8d8667653a0f75beb4f352181c6a11

SHA512
43d6c83578a35c6eb0bb6b0b4e66da047543358571c551016eb156e82d66030c5fa5821a2bb46df7a4c2bec41f7b8dc078f621d0c7c678d8841f28b04ac5f3f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
d2e4cd88fe21a7b3d7eb130f4220c25f

SHA1
ef4d4e279c0438b2e7ab6f36047b09ca3d252a7e

SHA256
eed349ba0ab7b40c6a8a71e5afbce02378e8411a5b7c15943b05d45946f3e4db

SHA512
f953bcc31e49447f5cc5cb2a2d9cead1164f3b6fa8b6fbbe8dac7d3bbb39e72c9857cdebeb1632e373481e2ce16613d29d7e97bc84048b0578d93cad0d04e4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71dadc0ba722977d1c0281ec79b5765a

SHA1
53b7d3582593fcfe8dc13fd124876dfc67d534f4

SHA256
dedf98e38189f235009791dbc9fbe2e630c5e5d0cf82fb74fa0ce5284b53cb2d

SHA512
f7a1051730806519b98a7cf46c6ffd95ed1f09ff6833167679a8860866c5ee0f6178948bead29128072c45439199fa521239c172ca8c50dea4344afb0b122998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2fc8abc6db82460d8874339f423b9b4b

SHA1
8d2df2ae7f8c97c51d0295b2832e2cba3461b923

SHA256
72adab7511fd00788f793eb1b01f0ea4b274860ca22326fbda6aeb914fa61a3e

SHA512
56ff6a411b9209f2b8d832a9b022072e1424a590f20565718af4fd7b6ceeb6ec84a98df2c23ac51352cb9ac6b157ffc67dea66a423acc0b54d6e7a9902ee5c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eba6cfa8200421eb6043f9e214ba2a43

SHA1
7d09e725fa2b0d83ced5719c0387c7b0edf84fc8

SHA256
59582b74130a461c7dd9d16c0c624dd00013c702738d58831f92424321de1e21

SHA512
e4d679026848fa0a71a8ff42c4a4ee491166076afc72ed52bd2b14693c96199e61d99c7d71bb45af0635f4858f3113e927ef8f7892a24823db537385dc425c29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
3926abee7ce7f117174478471b7651b1

SHA1
9f3dba815f82852cf989796f17030d52b839cbc2

SHA256
27dfb512d4785fb9843747d116965bbbdfc87dab0bc4ccbfe2f9f32a6dd6cef7

SHA512
dbd95d2609241f8f3e99a330b3fd94b5720d1ba9c0f0b4e36983b620a666205b069d375184ec2e13cac7540d435d5947f380f197ef1ee981b3c8448eb702579a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
782d40d054ee4c9df1adcc49572fb739

SHA1
60d86b2266efa419dcdd6cd8f652c0f30c653e8c

SHA256
f683dc8d48f936fc0546d554aeccdc263d3c19f3b91de3ce2ca2f96d43662694

SHA512
cdd5636e163e5e9951bd3af0858c416215baf20cb93e44c46d73c262b720468843af159d047c9256a5257910651dcef0d3640a4b505710231a06b8d72219c4da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
99806c7835afc92ed116db85d111781f

SHA1
4cc57f636c418d1b3e6e56c249c0522fbf76b2ca

SHA256
8d35adea7abbb5c1ef1def3a2bb80afe6ada858c243bd993f0e386caeb4cca58

SHA512
9387de94dc311ebe4ce51326c465bf42899d602b1c76e1e227712e3788138be83f1f4dc8a680e613a3e01f74a2627a701f6088dc6e26224bd13741833b6d4300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
40c650efae94f8bfab816f4ef8bfdfda

SHA1
5a1880e34bc4e51057fc2044abc00f86c12e3a7d

SHA256
f3229c82d9db64499b2925a5147f9631decba4c14029c755b9674cc765675e14

SHA512
c62d9cd86e725b3fb088158bf1ddbf1cf3fea6ab59c15b1082127a4bba85840c485b7357f0d8f74d87933281ae24d800c562cce41a1d533253c340c76941c92d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e08c.TMP

Filesize
94KB

MD5
9fcc955750cce222a0c2ad17aff94b5d

SHA1
eba8909dad78cf04aa24e4a3664e69d42874adc2

SHA256
15513f18c7a734bbd901e4b5ea5023f3ffd43d6c7b445e975c409f5721616974

SHA512
bcad5b2817a2f46cefbe7b180870a322b79024e15aefa377142f7e495855d668932ee6418cfa6726246a17ffa38b03b74f2f0b720c6e5a4db1601773ccfbe521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
9525ed790aaa25e346ee37d85fd2607c

SHA1
02db19a5bd9119cb90329f438c287cda89b2d032

SHA256
f48431cb6a0247a5019286176ed5fc3db474a95b119b96ea4c5b1295747e3e75

SHA512
6bb92cbc68468f106f542485aadfcceb6bdbe6bc8b12782fdb83bdca290bc72e0c1c3b0cc657893365e5b02494884002c858e1f8114208e6b317f623172be7e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8BB03019\Installer.exe

Filesize
60KB

MD5
839877efcf0594f1ea8dc80767d50026

SHA1
d6905930f7ecfbf96ad7054d3703dd76693d5c53

SHA256
87a6822fdc917b095a5ac3f342d62ddcab8fdb3c149807643fbaeaba88f3820e

SHA512
c474c3254dd520604b4e449f072e921a634e456e1d12657d73b3884d6c3e78dec5adc0a33b3742f1d3e882f5c2cb206b5045c73920c4cb7790cc86948e341c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8BBDB919\setup.exe

Filesize
419KB

MD5
e4d5405015ac1bc577d63999e8c19239

SHA1
bd7805b3f79ab9521302a85448cf126d5be5acef

SHA256
f373f50f0a5c1944faf6a511ce2a44dd7fcfcfb370c67fd736f7c01f8135f452

SHA512
34cca0186d3a3cdec341041087ffc23a941280fc5cfce557940dd6d4bb2b7bf38a5894f1474c2d0b721c4213639a266a47bfa9b8642a32b53f1205deb0405a50

Download Submit
memory/6832-615-0x0000000000820000-0x0000000000874000-memory.dmp

Filesize
336KB

Download
memory/6832-619-0x0000000074780000-0x0000000074F31000-memory.dmp

Filesize
7.7MB

Download
memory/6832-621-0x0000000074780000-0x0000000074F31000-memory.dmp

Filesize
7.7MB

Download
memory/7288-661-0x0000000074C00000-0x00000000753B1000-memory.dmp

Filesize
7.7MB

Download
memory/7288-664-0x0000000074C00000-0x00000000753B1000-memory.dmp

Filesize
7.7MB

Download
memory/7288-657-0x0000000000780000-0x00000000007D4000-memory.dmp

Filesize
336KB

Download
memory/7400-640-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-656-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-637-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-662-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-644-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-646-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-648-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7400-647-0x0000000000D50000-0x0000000000D51000-memory.dmp

Filesize
4KB

Download
memory/7524-634-0x0000000004A00000-0x0000000004A10000-memory.dmp

Filesize
64KB

Download
memory/7524-642-0x0000000002440000-0x0000000004440000-memory.dmp

Filesize
32.0MB

Download
memory/7524-643-0x0000000075020000-0x00000000757D1000-memory.dmp

Filesize
7.7MB

Download
memory/7524-633-0x0000000075020000-0x00000000757D1000-memory.dmp

Filesize
7.7MB

Download
memory/7524-632-0x0000000000020000-0x0000000000034000-memory.dmp

Filesize
80KB

Download