hxxps://pastebin[.]com/ZXswDHsX

Resubmissions

02/08/2024, 20:26

240802-y79cmstera 6

02/08/2024, 20:23

240802-y58nbsydrp 7

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 20:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pastebin.com/ZXswDHsX

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
6556	Sapphire Raider 2.1.0 Setup.exe
6224	Sapphire Raider 2.1.0 Setup.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	pastebin.com
6	pastebin.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 40 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-6IEMV.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-NQ0J9.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-DME2R.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-FD6FS.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-A7AB3.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\output\filter\is-ULDUI.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-L2KN4.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-L0C8B.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-T9HBC.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-8KEDS.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-JVCC0.tmp	Sapphire Raider 2.1.0 Setup.tmp
File opened for modification	C:\Program Files (x86)\Sapphire Raider\unins000.dat	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\is-6JUGF.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-13H4N.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-540D9.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\is-S2VGL.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-20T45.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-3SC29.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-IOTMG.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-S9EAH.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\input\is-O8AF8.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-GQB54.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\unins000.dat	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-PJ4S9.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-KAH61.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-RUPTQ.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-A0N40.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-T5FG0.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-MQ77M.tmp	Sapphire Raider 2.1.0 Setup.tmp
File opened for modification	C:\Program Files (x86)\Sapphire Raider\Sapphire.exe	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\is-S4HRV.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\input\is-KNG9I.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\output\is-TN5HU.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\is-JO4Q1.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-TTC4V.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-U3LIR.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\is-901OL.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\assets\logs\is-I1KLF.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-8MIPO.tmp	Sapphire Raider 2.1.0 Setup.tmp
File created	C:\Program Files (x86)\Sapphire Raider\fonts\is-S4LJV.tmp	Sapphire Raider 2.1.0 Setup.tmp

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Raider 2.1.0 Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sapphire Raider 2.1.0 Setup.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
6224	Sapphire Raider 2.1.0 Setup.tmp
6224	Sapphire Raider 2.1.0 Setup.tmp
6000	chrome.exe
6000	chrome.exe
6000	chrome.exe
6000	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 49 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe
Token: SeShutdownPrivilege	2340	chrome.exe
Token: SeCreatePagefilePrivilege	2340	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe
2340	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 536	2340	chrome.exe	84
PID 2340 wrote to memory of 536	2340	chrome.exe	84
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 4760	2340	chrome.exe	85
PID 2340 wrote to memory of 2244	2340	chrome.exe	86
PID 2340 wrote to memory of 2244	2340	chrome.exe	86
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87
PID 2340 wrote to memory of 2096	2340	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pastebin.com/ZXswDHsX
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd4,0x108,0x7ff8a8d2cc40,0x7ff8a8d2cc4c,0x7ff8a8d2cc58
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1996,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1868,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2080 /prefetch:3
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4872,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4908,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4668,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4860,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5488,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5608,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5612,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5888,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6096,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5892,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5556,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6540,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6720,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6860,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6996,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=7160,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7184,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7312,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=7572,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7712,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7720,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=7872,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=8012,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=8280,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8164 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=8328,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8572,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8600,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8752,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8888,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=9032,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=9144,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=9432,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9444 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=8324,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7612,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7564,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9628 /prefetch:1
  2⤵
  PID:6252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=10204,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10128 /prefetch:1
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=10004,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10032 /prefetch:1
  2⤵
  PID:6404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=10264,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10284 /prefetch:1
  2⤵
  PID:6424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=9804,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10472 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=10068,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10064 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=10424,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10724 /prefetch:1
  2⤵
  PID:6628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=10748,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=10588,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10676 /prefetch:1
  2⤵
  PID:7036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=10244,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=10552,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10576 /prefetch:1
  2⤵
  PID:6272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=9604,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=9960 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=9588,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10388 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=9652,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6272 /prefetch:8
  2⤵
  PID:6952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=9688,i,18019492835690677627,4229585715977723193,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=10728 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4852

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\" -spe -an -ai#7zMap30643:106:7zEvent15873
1⤵
PID:6496

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\READ THIS!!!.txt
1⤵
PID:2660

C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\Sapphire Raider 2.1.0 Setup.exe
"C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\Sapphire Raider 2.1.0 Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6556
- C:\Users\Admin\AppData\Local\Temp\is-SE70P.tmp\Sapphire Raider 2.1.0 Setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-SE70P.tmp\Sapphire Raider 2.1.0 Setup.tmp" /SL5="$A0254,36660497,783360,C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\Sapphire Raider 2.1.0 Setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:6224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Sapphire Raider\Sapphire.exe

Filesize
33.1MB

MD5
c74762d2d555f2b12039843ed50742c1

SHA1
c363deafd917bca3e90da011fe0edd012e5102f9

SHA256
506c3af67e6b5a6cdb798f1da03848fdd14e73cefdb66cc84616403b0a68fc74

SHA512
df7aabc5494a8ce4eb2724336570f7882c62189af3d1523d4648e982477ea7a65a9a5a993da1935b4b1ce9389711c17aaa2d2d2ec2ea05a99a8669bbf988784a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4944e59be36ce2f9295fe585c441cfc7

SHA1
5db2db43110399d6877de973ab82baccd9865fde

SHA256
688d81008e52686cc33e090c6c2cd5f40fad2e91fe6c4b8792899434fab1a795

SHA512
5fc03899136dbd33cf21bd1fb3f142d0bf7ef4fb8108060de06e73135c01f5811182dc3aea241ab41a34e5dcaeeac082af612c2ffb5bd0a580d36f943a723fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
26KB

MD5
346717b016e22e5d9fc054b8dc237a98

SHA1
7e2688af12614de34147c0edbd21831c324499bc

SHA256
6be08f077f2382f641d8d352bda199587b2d31001cdb4de23d4f7f8b70348e62

SHA512
504f8ff968f4cabf7619f5fc25a628db8a80cfe052cf90952898c1cc93ee84dd3826385796181972d044a593d83db25e863f466f70a323bbe6f8d6632de9bdc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2f678b6295a221ad9e8cd14f2b2642e0

SHA1
2753e035bc7ac8f35dff45a4503077ab57ec4389

SHA256
ae61a51bb935b56922903db3c6437a8b46af00e4c68b8194fe04cc13c5fcf5ea

SHA512
e7d311569fdb71a4664bc207998a039a6b1abda00b964d6997b051994443053ddb6b26fa2f59133d9055ecc88752dc80cadc86b54ec456947cf2f2a370ab7cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
fee942a45c4f11db3265f35c1d082358

SHA1
b3a493052d58f36f6c64da230d4895488b89b4a8

SHA256
59fd3361b5a9020f67588ab0bcbd23cf68982dd133eab9ee990f1df8699f0677

SHA512
a1bdada7e2ae4a0a109aa42ee531830cb0d411f84860c30aabe303c8decd1ab890e139ba1b28a1938b135e69de4aaf95d0ec2a1874b38c3e80506b033cd1b449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
1afef3cc60b46decfbcea58a66112826

SHA1
e37b30772338d79ad73ef7e69ff02d9a15ece883

SHA256
2c934504b66f63af9f086c0408608f19bdc8a9873ce8e7728db2ffe61937998b

SHA512
b3471eaa11837d26393656f9d99c3e0cc6db14ecc65740a84094c8bf9195bf7d22f9828147efe7e180bb69573b9c5ba23053115a15f8140ef5596628151ff364

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e1a50ddb34196b02b18ba7ff7462edec

SHA1
755a66c38e81cd44a3d14e82fef00a4399749e5c

SHA256
eceb8bb2e52af18b4ee6d1bc4b5e29aebe0d8b7d818ed526aca0d6175cd759ad

SHA512
8f3ff63b54622393a995a6d27a994c083918fed48b10a5e7fba3e33934ed49ddb4e37ab0c6290d21fda660cf8cafa8d85b4ed02cdb03e2ae040033163137e4d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
32b8f364f9473d54d62ff87ec1c2bd2d

SHA1
58a71c2bbd970cdda983c34d6611ce741d44f983

SHA256
04c9ee91d3ded97b6527d5b5e027804bb0d45d67f9538c496612e2e454034387

SHA512
b470a53b2e43b96d4ed870b804411f177580570ac0893669c1e12197f232665f415322c48794152afcd6277800368ac0e55941bc2ae96d52d982fbe82fce5581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
15f19c2f88843dd8689ed7558059089c

SHA1
689e614e07331cfd595b68a4782a8850fea5fa5e

SHA256
073d8842d32b40aa452371a742c9d84f38d6f4f9ed449162cf6555b83d2d8992

SHA512
a63d721a03cab2e29c447f99e5298eb138d51a946e5dfa65345cf4ca9770cb3ebaa5c51c66027bb5090d5175166679a04c41ef1b6ffa8938e6fcfe77d6b74fb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
133cc2e4defc19da1b463271a3627e8a

SHA1
eb6e43b6a96e43f22871248c3f25f2bd33fa7efe

SHA256
c15094f8c4f4528baffd9c8ffafadcea17d10d7f9d9b907e15d1020ed1779c3d

SHA512
340488b6dcfcc5cce6b66fee9942863ec31ab5df39ece6a6abb400911722bc104b733b65a272538aff0e90f2c0f28c1406ced240ec475329f2dada477b5f0376

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3e41b5474201d85f7a95179752325311

SHA1
fa6d0ab5abf258893d7b59920b1dfdf8734827a2

SHA256
1e2f2a98f6e68b56b1cbd57dfccc2815086f9c699ca3d09be3af74f97ac6ff87

SHA512
a44adcd2cd5fbb5bb11ed0e8258c5c2d84728be8c8dffa464f1e0fd3c3e00f90406c3f1e011dfeae843584aa89a381e5e6c4c5cfdb3be3c5c699a4ba3c482fdc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
792e73bb4b9f10aecaa27682622529d8

SHA1
a4c41e8e442ea6fe2e98448e8b63057df9fb33db

SHA256
6c943cb451d1017589061407c3dfef5a12f23a5f972b923efffde9c06dfd7ad4

SHA512
7ffa1d16cff274d63c5d9a8aaf13567fff02ad85b59f24460a8726af86c1c597a023e5e9bca3dbae99c9851faad4fd5afc3aa903dfe2a61c8e4996208b3658e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
127f47b4eab5e59685b7b877d4684f40

SHA1
a93ed58bd30dd3e7f0f437373bea4f8d03c9d01a

SHA256
4ee4858ddb02912f1c0fa99889f377b2da0ce1e174c3478b12a056c5d93df90e

SHA512
2b2fe2f71aca7c1d3da086daa2ab313291d0c2472c251bf81722a0b5976af96f0f4789d56caf8365c3a99732370f75b02f51eed9f1520211a531356c0582a848

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
010393c728f18110657968b886424466

SHA1
ac3d4314d0fc8ac993ca819482c5de1d3e64e154

SHA256
1310eaf35aa6e51e7c89b6583393513cfe13bdec9020f8a3d3e02b68bc8d56b2

SHA512
f6fde4a91a64d7c8d8e4deb64ebd7689bb08200a683d071ad1804053cf46dc7fd70d1ee643e78f5d5b0e95d766b1df92ee6e9d6900b465ee374d06cce95a8e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
500d9b0a0dd21ee40ee04e200f5eb0a8

SHA1
b4d5ccf470079995bffe659e588822bc04491f09

SHA256
0aa849846ae2512cee5a899811d72007f96947062bdb5f3135dedef7081962af

SHA512
f6b7a7a28b67980e047fc72139b09ddab0623d412ba65d061d2f7ec1463183d644f71ebd76067881122bde1919fbdb2904ac2a73e22d134438ec65183b69bb5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e40d79a102dd5b9b43b3554d090a007b

SHA1
a7bee1036e6e44532d27255589ea687e7c9adff1

SHA256
143694a2e3861bc666dd65ef594df204db2650a38adfe85989f4439d410d3a41

SHA512
3fa68a2df2ad20b63d81ae285c9aa7bc74d09823c00a799bd55f482328020b86871e4fa418fe5e3bb89118a4afe9e933b8b4412b3df230b3d1fe69a254cce278

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ff4494ea98363eff1157d2449ab17c61

SHA1
294fa83c103eb59169499e90f238448b99b57838

SHA256
e8964b58a4e3fac552da8176c358ee89484907c389ac96b2d6f8ab904b4396cd

SHA512
2bf3d150bed3caccba93828928c1402daa18c60975e6eb300bd8ba934236bd33951425d982fcd30123ad1bd70a10f5fbbf9ae38860669257376018c3d5c65086

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
08666714042f75706fbb30be24db4d4e

SHA1
937539499dc3e16553e60a7c20bd5a5c991c445b

SHA256
4be872c2a03eed417fe83d70ee74f9a5d00736bef9e720fcf07ad747dd4c9d09

SHA512
04d950a0c56814380addc72683f119769ddc1b736ec8975acb70ac72fd00fa08b59678a8470ce026ae678546951206a87b5f99f5622e2dcda0a28a4514f3d8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
481b72cf0d582496ba97d36fbde3bca7

SHA1
12fe2ebff36edfc5efff41326b4c62d444d87fb0

SHA256
ddf4fc5b7367acf85b1108c0a850d65f8f65fdea2aabf65ebfa90e292e830c09

SHA512
05a1c4973b016bf944e2b8767ccc574b3218c4c6cc9649647a1842af13d80301e337f29bc267818b580271d61305b58f5e27ec1881eadeaf288300c78f312b30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
91a5a4976b064cc9909a02e1146908d6

SHA1
5bf23e7b6ce71073bf0e6adf66beae25302588fb

SHA256
7e184bdc12dca8b9db17ba2662397a5c1f651f7dc82452300d3b356d36f8b45d

SHA512
22ee94003fd7ea7ba29b929992ad6a2bbd646127e61858bb3794961ad8267413589dc9c776ef4130e5806a7ea25ba8e7e376f06daa290b50922c7d86b676bb9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-SE70P.tmp\Sapphire Raider 2.1.0 Setup.tmp

Filesize
3.0MB

MD5
60e37d0404e32890038a474734222902

SHA1
57318324b332e9b9cd3bcb6d66096fd2c722bac5

SHA256
00c460591082e17f7319c666bb00746ba10e2861bd5c31e7488df9b84eb45ef2

SHA512
9d2c23d82adb39d6491f488b9db8548bbcd3f54c11c499603527761d7e77faf944e37590040a109b9f3324c99e3234f04a5bed957cfe0ee3009c915edd13c327

Download Submit
C:\Users\Admin\Downloads\Sapphire Raider V2.1.0.rar

Filesize
36.5MB

MD5
489760e4327657ddeadf87c1ddfba9de

SHA1
ececcac1182a8c8cef2e3545313020d00dae12ee

SHA256
16dc99b67f16654cb217bd1c100fa90528012f9d252fdf5cdd7e8fb9c90f2935

SHA512
06f6feb65ea91c1fc5863ac76c82bf0ce22abd37208af2e2ef83cb7098eacac666697f55aad535caea2b900dc955ee5ed5245c1742a840fb14d937989a16c555

Download Submit
C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\READ THIS!!!.txt

Filesize
362B

MD5
fa42109267ea5456a0e997bba37528e2

SHA1
a54703c579d8d6ec5cec8ab08c3308294940579b

SHA256
49e14d8a1a0f968f201d34b47b1ee942439f11aacd156d9655aae9a66ae0bef4

SHA512
2728c150fa101e91c6a1d89bee49a49b7a18f0308239dce85102154d7d87c706fecc8eaa51fa635ec00b8fcae36d08d494786f68c343ea209073a3bd3295dfb9

Download Submit
C:\Users\Admin\Downloads\Sapphire Raider V2.1.0\Sapphire Raider 2.1.0 Setup.exe

Filesize
35.8MB

MD5
a4aef766a43cf51a69da259493f39b65

SHA1
f4c60fb652393e8a642dc41de5efe2316e5d6db6

SHA256
4e93fd44731bae88724303c23ed29ba6e842774a5c45f2b4df96f0cfbb056cb9

SHA512
38e38a61b2feb07a49c6772d6c21270d92bebe1c52c41e4085d0f312484023464914cf7ff3f538a6ce8cbbb57282b05c6baf175db79dbe72be94c206d78349b8

Download Submit
memory/6224-622-0x0000000000400000-0x0000000000708000-memory.dmp

Filesize
3.0MB

Download
memory/6556-534-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/6556-623-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download