Analysis
- max time kernel: 474s
- max time network: 490s
- platform: windows11-21h2_x64
- resource: win11-20240426-en
- resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 15/05/2024, 21:35
- Static task: static1
- Behavioral task: behavioral1
  Sample: Yuqu v_7.98.zip
  Resource: win11-20240426-en
General
- Target: Yuqu v_7.98.zip
- Size: 51.4MB
- MD5: ee05bf407cd8ce0e15c06e7127b466d9
- SHA1: 215a6ff26ae9ab0f97a8abc7ba91c6b9da17ff5f
- SHA256: ff61a80e81df211aed7752b338d5efb8298ac047a4d6133cf0b60b0b03f87d16
- SHA512: 168b55568a2d21075e84b4e9873d3972315b55716faa3e300ab1dbfdae7e652049e0b4bc710f7dd2df8d394052cfcaaf58232e6e0a7da42017861529294037a4
- SSDEEP: 786432:tQBQ9mlEHBJgDkkK8v9sXyooMePc3wsO5SRw70HiCRnUjBue87jZ/6mE7O:tooBeDkkKmBEBw10mc6Ye87jZCG
Malware Config
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload (1 IoC)
  resource | yara_rule
  behavioral1/memory/3688-671-0x0000000000400000-0x000000000044A000-memory.dmp | family_redline
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext (2 IoCs)
  description | pid | Process | procid_target
  PID 5512 set thread context of 3688 | 5512 | Yuqu v_7.98.exe | 172
  PID 3996 set thread context of 2308 | 3996 | Yuqu v_7.98.exe | 177
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
  Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133602826471456001" | chrome.exe
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
  Key created | \REGISTRY\USER\S-1-5-21-1696768468-2170909707-4198977321-1000_Classes\Local Settings | chrome.exe
- NTFS ADS (1 IoC)
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Downloads\Yuqu v_7.98.zip:Zone.Identifier | chrome.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (64 IoCs)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (64 IoCs)
- Suspicious use of SendNotifyMessage (12 IoCs)
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  3252 | MiniSearchHost.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Yuqu v_7.98.zip"1⤵PID:3696
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2660
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb21ccab58,0x7ffb21ccab68,0x7ffb21ccab782⤵PID:3776
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1528 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:22⤵PID:2608
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:2444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:4756
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:992
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4144 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3832 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:2484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4516 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:2832
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4464 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:2688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:2768
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:1076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4740 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1488 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:2236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:3916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3288 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1824
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3828 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:2652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5116 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3184 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3116
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5424 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:4004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5656 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1840
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:4632
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6328 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5840 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3440
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6604 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:2324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6112 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:4984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5768 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:788
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7044 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3036
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6884 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1076
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7236 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1248
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7492 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5200
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7708 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7896 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5368
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7844 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8276 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5552
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8404 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7920 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8732 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8916 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5660
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9008 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5848
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9184 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9188 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6004
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8412 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6484
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9000 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6512
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5952 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6520
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9600 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9612 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6536
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9652 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6544
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9776 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6568
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9780 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6660
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9960 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6668
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10084 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6688
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10104 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6696
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10252 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6704
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10376 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6712
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10548 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6720
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=10704 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6728
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9968 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:3268
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=9316 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6052
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11352 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5852
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=9748 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6668
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5668 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6600
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10536 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1472
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10972 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6528
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10628 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:7016
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9648 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:5240
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8732 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6700
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=10532 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:7044
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=10308 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:6408
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9960 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1432
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9528 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:7136
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=11496 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:1912
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10372 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5644
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=12244 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:4700
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=12084 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:4900
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11896 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:6700
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=11764 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:5896
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=12100 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:12⤵PID:4564
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12140 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵
- NTFS ADS
PID:6584
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11836 --field-trial-handle=1768,i,1050404104220552562,11732224490045077146,131072 /prefetch:82⤵PID:6316
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:2880
C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"1⤵
- Suspicious use of SetThreadContext
PID:5512
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3688
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Yuqu v_7.98\README.txt1⤵PID:476
C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"C:\Users\Admin\Downloads\Yuqu v_7.98\Yuqu v_7.98.exe"1⤵
- Suspicious use of SetThreadContext
PID:3996
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵PID:2308
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3252
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:3464
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
40B
MD5a38b2a845a8f9f401af9b64fe3a6e14a
SHA1bc25d8c364676ed6d81c1c1fcbb51e4f9a3e0e1f
SHA256ec4d3181ecf500896d0aa07bf95fc66cce532a7ffbfaa88408403ffbe55e1840
SHA51214884b80bceea87d662ca46e8f8192370ada66c4ddb19c406d44733bf3c0e88ed7bf01109297083643c700090969cfb1b58220bc4804c0287906e81ab969b9f1
-
Filesize
2KB
MD58b355770717af86a559a58236400f21e
SHA125c4e082398fc903e9f083dc016131810ee0f055
SHA256c867116fa91eed23a8e3c13c4fd566d37b23b5a2acbe790f76019ab9f103a15b
SHA5125f99811d2f96bb6f449e52a3cf1834ebd958d8c3dfbbe9e1d4f7baa86510e7e3e6cc563875d1cfd1b247d7402c9b47be7c218eed48337ed74d5930c10c95c5b2
-
Filesize
2KB
MD500c04248bd1ea9bc09ba10d9e0baadde
SHA1f1142c41377abb96b03a1e01006aff88691d41ce
SHA2560149bcf478c0407c861afc3051a14f62e11029d64f6f2a413542717acd9cb7c0
SHA512127442bf2adb647fbb4066e818e04b98d437d9f2353abfd7c4beb79d2b3e941a768170076804b2bf76935c0cb336a03e319e6d881e877f0bb1fa226d42b26077
-
Filesize
2KB
MD59afd92683b7c178af04d2d77a3151918
SHA162bee78212bb22643cd4690ab9a8323473e4e024
SHA256c73253fa4e1bc4fc3b9311180c66dc4aab5ba2688ba4ee7bccc351406c0f2858
SHA5129d05df596cb50ec9801f23e7459cb404d1a84ffca1d1569d6e3ee1599aef91a1a2825168f91b45a7fd553d782f6a3c8916da372e0c10940a4e9b01f91f45720b
-
Filesize
22KB
MD589e31d8b9f827c7110a2a83e525bbe68
SHA115885ed2124e1a1a29a6d5e4cb516af46e2a8852
SHA256d3399c9ed3db649da4a3cde27ba86bae06ef54bea8f7460531c52e4cb5169bbd
SHA512be3b935f2e071c3432a9afba536a457c5efa3d8c02ec111cbec7983057bab75fa298af575bd6de75aebff29b2569c43d0c6481beb9b568f08cc9d19ff9ee9648
-
Filesize
21KB
MD5dbfeb5d9458c071a18e4092fd3fb1a03
SHA161cb277b28912bab8c53aab8162b39fa81f83da4
SHA25698eb69fc51382c51bb28b1c6e2e2e51dce334db1ea423745071f57a3842a640b
SHA51247bae7df4f1ac23241bd3981098d7745ec80634d3c76872ad9c1c03a7109f305860e887b1a762b032e28266d2dca56e169144b484ea3eae97529b14cafbb254f
-
Filesize
20KB
MD5e322af56bb7679f8b19219948a53f8a4
SHA1a2a33ec13791008325c1fb4c728ff9a8dac7da22
SHA2568e19c13e75cc6e04c559bd3cc9f5bec5808d87ba5a95541d370e4619a5f69505
SHA5129997818a27981a4896be95d08a39baf00f74ff1c435d95fe1d4a3683bf9510272919b14fa9a6ea4acd23844771acd4c2d8af992050275c3c727c761ba878f376
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
2KB
MD5130dce2fe610acc81f021c2ee544b0d5
SHA1354d22bd8f26538649ad1a6457e19dff39b20fe0
SHA256a40f2a3d690ae1d3d6151785060887c8442b95caa70655b0dcefb9c693baa7a8
SHA512231ecb301826748e2bfc1b0a73d3be98f4c7f723dbe671962986faff8e3c2a90f5929c4db2005b265ad365de5050c9afbd5a9a449e6c29ce455c15e36c19fda4
-
Filesize
356B
MD5aa82f4bfa342673cdcd80ccf9454e3b8
SHA1ee3440c87660ebab2663369ab9eab67bed0a9a3e
SHA2568fb20b9e0fdd79f0d209433b0ce7b9cd56b5061f1cd7bbe64f92fb683a59a9f9
SHA512430bef8c199cb351a535016f81d0df7d1d8a222c4d76acd5f6945af8996ff7921194a9707041899ed3619e49bbad3f8bbe7c1fbe90a7edfbe8497868f6f89d61
-
Filesize
6KB
MD598bcdb65d183de0fb78846372b59ade9
SHA182c8092cb3fc0ee412a67d02ae66d2a0cb5fe681
SHA2562791c719ac14659b7b4fcafb87dd6ac352180d95f270f39d83bb1f20d97c5af5
SHA51245cfec4fb94e15fe4f1a0711dbfaaa99960d3120a6e671545f26a3015a0b1c7f685a436a9f458840ed36bf52b0809e6f9fd857dc11de7238b4d573a16a8cd142
-
Filesize
7KB
MD55d0d7ad18c814497b864809d0d7bf26c
SHA130ebca9bf99625c8dd65e670fb3019f5a6defd5d
SHA2563657929b5b462df7caafc2562f0450ef21c35a07c11bdf7d47332a134785a997
SHA5127bad261bba35c8775ded1ced0fd4f4eda3965ed72a351b7f501e3dec9ac17db05b77b657b9221eb70ddd89a7d6f50276aa8bed9a76bd0e3fdfaf0f003d787a85
-
Filesize
9KB
MD5c5f23c426ce4f2bbdf54f5fe1dd01cf8
SHA1185f0edcde6a4e9d26c2407895ac8890295c9eed
SHA2568b87211023339b2011ad40220bbcf17b8892b95b63b5e6316ffc479b852ff962
SHA512b9b0730b82ba0cde332daa5541cd79455b214f5134b996c92d281795a334c0aa874c8ebda41ceeb2db34cc4e931bcafd004a7580f391305ca67ae80802b5f30b
-
Filesize
9KB
MD52c2d02833ff281cea4dbbf0cdbb87c95
SHA1c767f8f9a0dbfe00cda2ad303e85311f5020a3c2
SHA2567a36cf4755efcb00489e6a95356aed18ed3f66915fc221a8ac3082420b2d1998
SHA5121c2924f96078dc46e12a152032034f2ca0d9f5d3beb22cfbadefec82ac5039b39cdf30204be311f560ca5dd8ec4be31e119ffbdf7fbff95fc14b574277c0add0
-
Filesize
8KB
MD5e93ba2075197fd48dfdcbb470f385e81
SHA1cdc7715417b6a9cf5a02e6967dd559ab2a6769fc
SHA256e89c8c96d66b32dd45809b72dad8b8db863ac3f422639ba43a97c91d35353dee
SHA512f7f4c6ec02b0f03f0453d80dbbbb6a93656b04cc83830c57c6365c0b70fc8a266f78c67037bbd937ef6f164721e3148db557eda6d2e8914fc37886db0be6e772
-
Filesize
6KB
MD54bbd7b207c094ab3dbb315f39c153faa
SHA129fc1c4906ece2ebc50dc7d36c011f2a60ae8a49
SHA256fbee73fe23f644da9d28a6bfab9d60f78aa75788e4e0380a8a459be86a90d577
SHA512a6c1578e7b3a7f615324e8b41cc4ef5ba8a9df2c41ba4a3c59e5986378a3d4c36fc7c9506493f183c40c8704a3af0c0ac1e886a89ef0316c4980785e3ba275ba
-
Filesize
16KB
MD567d9e6542884131bece846f0e867bd8c
SHA14e2bc23411a2dac7514ed4553ff38b30ab3925ce
SHA256a1ca26750433e8603afd1edd20205b811e2f68fae6322119890fe3590767515a
SHA51282bddaff911004f88c949cdcd06cd35a5c0a8052d0e39ca3e89c234c184a6d4383c730607d4f9e67ae3185d04eaa2f0771506b60a7d5b2cbd7d465bc4eba3987
-
Filesize
258KB
MD54db184dba8b2761cdec23fd9d20e58b3
SHA1cd352b6e53fec407347e4c92ff096f2e86f6f81d
SHA256ee1f6c0c69ea25cb8f424a5a817070504f55f595bb3d8bbae2ece96fad5413e2
SHA51236613bd721b49481a6041708378cb363e9b5b949805f66b390bc6b23a7b0df1058bfaba085fe46ccac86ad98c86d300d53c75a5c2bef5276f32106c200478e22
-
Filesize
258KB
MD5f659c5c05ec65f6b2138f05d32c91b7d
SHA13161955af788dbffe6bb93dadc03212c86a9f80f
SHA2561a9b033723dcd8d0ba87fc32bc431a5f254365ba2c331946a4be3b4fee594b7c
SHA512b5a13f022e86a37bc4ad11e7d5808b09c02a5cbd03370ba58cdfed151af4b984a3b498c718d0584199831479ca93abb7e69486479257e378183edcfe9cc04d53
-
Filesize
258KB
MD5bb7e3a1e53479e4db9b5d088be1381e9
SHA14ecd663d17abd33fbe986344c59b5e958d7d0911
SHA256b11450929de629573ec2ba33a14809c66f4c2b56cf32f6bc8f63afebe38252a8
SHA512bbc8043f143d9ae4c257cab8c7fdc054b5d1d94c67d545ae6e89062cc0d4fcfb0f7527f2ca8c99f3938bc31000f37f68373f21f5d64cfa6340d7c3aece108875
-
Filesize
258KB
MD5e7b09dcdb93461cf5c1667bf92ece7ed
SHA1405bb80d138555af2bb2fd60dcc79fb3c62b9681
SHA256a353d5bd8bc84286377d4a9258f3434a082c6793c4c278143b959e830fe099f6
SHA512cf157c23f1e8e9b748887136f56a5bc616ec6bed49660bbb1b9cb6de0afecc691a5519926596b82939109498206bf672f8d041797cbbcb38f44597beaabde48b
-
Filesize
95KB
MD5f966f662a99b12d1df3a5cffee02e1ec
SHA15c58e5b9b9622cfcd2f1b68773009aacdd873dda
SHA25696852a596704e5b96ea553e631e52454f31b1bf3059d862001417a48fe76d2d9
SHA5128f513e12dd6e024b597f17afd02879aa3f2b0a220707acc8a0382494a78a57e65071313a92639769f8f7dd34dfd5fd214d1d499bdfa701979f02625d26ebf847
-
Filesize
88KB
MD5fbffc7ccb04d807376a2f2fc2e0fb80d
SHA1ce010e275a02e33fadf3d1da1762a0bf48329a60
SHA256b733f84c925ad205cc100a6d9316a3e051406270bd2b3d9c60e0ad35c3552d79
SHA51290c939fe3759f7dc76fc43ed51a0a9f5e3f66aaed1be406a877f7bdaf46bf35b92c12f4859c8b6495e4281a23d161a3c898867014edd621ed247b25ed88a191a
-
Filesize
83KB
MD5b442bf1030891f760bdece96e63a7b19
SHA19dcb4f3885951f6e3f0eae59b7b6bac6d28552c5
SHA2567bc1abcb6edee38d55ec231a2fc04cfd408150f041567d35eefb32d1f0c1f391
SHA5126434528d7eb254e5b9aca1dae6146beee8f5f59706243ea0187539789845633f00e179c91fcbe8dc54f45d643f370cb334edfdde13aff04660db6db6307be610
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD52f23663111658be2ba0b273463ff5e60
SHA1c2af77369b83a0177bfdb90c11fad4c5f897a983
SHA256eab4709a1ad32b0b87a53d307893899eb3ee26c6a59a1b34fe83062c79817513
SHA512e0fdfe555a47709cbf14c4c22498c89c3e8fd61c5b40806b9dd06aee20fbdcd3d9c4f7861d1183df15e9c64ed25828f97c8292bc6b4a700d3d4586433bf45bd8