redline | hxxps://www[.]youtube[.]com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites[.]google[.]com%2Fview%2Famamsoft%3Fusp%3Dsharing

Analysis

max time kernel
117s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing

Score

10^/10

redline @nonamepuk infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

@NoNamePUK

94.228.166.68:80

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
RedLine payload 1 IoCs

Processes:

resource yara_rule

behavioral1/memory/7192-592-0x0000000000400000-0x0000000000450000-memory.dmp family_redline
Executes dropped EXE 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

pid process

7644 Setup.exe
5792 Setup.exe
8564 Setup.exe
8668 Setup.exe
1524 Setup.exe
Loads dropped DLL 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

pid process

7644 Setup.exe
5792 Setup.exe
8564 Setup.exe
8668 Setup.exe
1524 Setup.exe
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

44 sites.google.com
45 sites.google.com
293 mediafire.com
43 sites.google.com

resource	yara_rule
behavioral1/memory/7192-592-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

pid	process
7644	Setup.exe
5792	Setup.exe
8564	Setup.exe
8668	Setup.exe
1524	Setup.exe

pid	process
7644	Setup.exe
5792	Setup.exe
8564	Setup.exe
8668	Setup.exe
1524	Setup.exe

flow	ioc
44	sites.google.com
45	sites.google.com
293	mediafire.com
43	sites.google.com

Suspicious use of SetThreadContext 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

description	pid	process	target process
PID 7644 set thread context of 7192	7644	Setup.exe	MSBuild.exe
PID 5792 set thread context of 5064	5792	Setup.exe	MSBuild.exe
PID 8564 set thread context of 8628	8564	Setup.exe	MSBuild.exe
PID 8668 set thread context of 7640	8668	Setup.exe	MSBuild.exe
PID 1524 set thread context of 8104	1524	Setup.exe	MSBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640172283643648"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMSBuild.exe

pid	process
2516	chrome.exe
2516	chrome.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe
7192	MSBuild.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 63 IoCs

Processes:

chrome.exe

pid	process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe
Token: SeShutdownPrivilege	2516	chrome.exe
Token: SeCreatePagefilePrivilege	2516	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

chrome.exe7zG.exe

pid	process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
6984	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe
2516	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2516 wrote to memory of 3324	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3324	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 3024	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 4932	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 4932	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe
PID 2516 wrote to memory of 1496	2516	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.youtube.com/redirect?event=backstage_event&redir_token=QUFFLUhqa3p0UnBhem8xT2VqWHpOcGw1Tjk4MHNSOHRtd3xBQ3Jtc0trSHRXWVZzeDQxMXNqMEtrUnZ5UzZ0X0FCWXE1UHl1bkd5MGZRQnd0TEdnTDRJT01JQ0k4bGdjTWFMVzRuZWVXSzYtcHFkRWN2VDBNQjZ6amFzdUxxT2R5MW1HRjF4MEE0N1lmQ0VsNXdYNTJMaEZabw&q=https%3A%2F%2Fsites.google.com%2Fview%2Famamsoft%3Fusp%3Dsharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc102ab58,0x7ffcc102ab68,0x7ffcc102ab78
2⤵
PID:3324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:2
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:4932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2196 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:3256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3016 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4396 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3904 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4068 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5564

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3264 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5020 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:1236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5184 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5344 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5480 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4572 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5616 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5624 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6016 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5308 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6140 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6476 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:2024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6308 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5152 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6760 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6896 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6912 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6928 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7560 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7604 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7620 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7756 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7892 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8324 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8584 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8724 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8752 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8384 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8956 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9148 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9524 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9116 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5980 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4560 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9868 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10016 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10360 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10544 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=10548 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:8004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=10044 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=10796 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=10812 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=10828 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10844 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=10860 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=9752 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:7988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9296 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=6316 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:2272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=10536 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=10876 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=10896 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=10912 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:8048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10332 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=10664 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=10936 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6588

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11040 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:8
2⤵
PID:6016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=11012 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=11000 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:8300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=10556 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:8308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=10500 --field-trial-handle=1888,i,10851609875643542228,14984442773034421394,131072 /prefetch:1
2⤵
PID:8316

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4064,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
1⤵
PID:5284

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7636

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap17695:74:7zEvent6562
1⤵
- Suspicious use of FindShellTrayWindow
PID:6984

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:7644

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:7192

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:5792

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:5064

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:8564

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:8628

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:8668

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:7640

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:1524

C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
2⤵
PID:8104

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
64d7569e7e9cd59b61724e5ca8024d2b

SHA1
7e567c8f3a278f528fd7d85d462cce4e56bb8e79

SHA256
8adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c

SHA512
b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021
Filesize
19KB

MD5
ce1093c800c0933d7c9674eda75790d8

SHA1
371c2dcde092f51b18852e2617bc6c0c176f5873

SHA256
57781a723db9a2483067bcbc89d1f30f7e2f22ae2d18aab1e45ad894d8cdab89

SHA512
fdbb31c607cc9a4bd75c42cbc552fb40d82e53804d156244ed2daa124c75e1680b908589f7a3ad8888b9b03ebfd1f4b3e83e19f84e3a746cf210d0b8a1678533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036
Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
0a999c07ecba7a6dd45a3a7ca735eee0

SHA1
00020ceabb55e153b95cc8875cc7a87f55f12328

SHA256
5d84376c8f9b675b0a22491b044b51768d2f2c6060853f0ffaf5cec2a3687569

SHA512
dae906a716c753a57be4d2301b0e66775cbdcc90201b4f6b88bf494ba40d3a1d4a6c2c824246519b6a39fa3be744b5601004421370f0359f9dd15abb70f62351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
22KB

MD5
3cf084f448713e124e37adc7c34bb139

SHA1
def943c01ea3578b738464a06a90578177ebe61b

SHA256
022f7f1ed617d6ea1aba726758557692f37d72d42fc974eb9b8d789218fd621b

SHA512
8d76547a9b34c755e552ab49c9514cf140d6154f3bf7e16fb4af24528d8741d8ce232e1fa7fe2c1f697c745264776d9bc11d0322afac33a1edc9abfd5c2b08ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
3268cd5f9ce252e67a7b44bbb60ca40c

SHA1
7388742d9c0314d367cfac7142ee7a02717d6a00

SHA256
17b3265c62ec9bf6cd5fc6dcfe32e2f859fe406925905abaf4655150fc612d15

SHA512
684b765a1d00c1336acbab8202b8cf455b1bf4a18a4162ccd0139c1d7fd85c796f3c799c5c56e332566bb4a4ef67178bc1402a1ce2471af4db39a670d893e49d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
7b0f3dc8a187027b0b430a0035bea9b9

SHA1
08e2f1420d861b4fc17d03e2fd6442d0a2fd1b24

SHA256
ffb00fc281ef854384f8b9062e2194c82d88a0f0e955d1b8723d3cd7255dd272

SHA512
c5581e6e789a37854e39da0f61b8ae61525beebd87dbee5cde947f725df0116d96973871feaa4d0412934f6bb0e5b06f277d83afcf7e3802bfc41b9ff8b5b28c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
55f2f4d6f4aaab43f1f99e92bfe11bfd

SHA1
6c5a51578a3b2193c575f0fca55a399e8d04c1b2

SHA256
62ba410a295b5a61486e19e679b528beee4a2f39368d5a9b4620e18b5bd90287

SHA512
8bbaf99d2cf4c4a393891caf144322378472ca8638531dd5a50ce5cbd37b5d8acd087f8da7f66b135181ef56c031a25a74ec99dc85bd35f01922a561f596f8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
7ad65efddd43756eb5c45e04ce18b3ce

SHA1
b4dcd625666d2fd685414c14ed9306100819bb4b

SHA256
aeb3e4c0b42a5ebfb92c1aa4183d371230697849fa935e580595ae9330953c70

SHA512
a4a171cab05532d3b11e19c826b9bb905ddb89526da5a02877483a3642134f6c0078177b7b987a400113bf783961449cdf411a77bf6c4fe62675c4ff6f1b49f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
6927c6208c54e0e01cd152557c1eb0a8

SHA1
d7fa0e139094b3d0d07c115634822344c0e984ee

SHA256
fde1fb3400e131ac9ada16566e60c8317bb2462c169bf9dfd4062b566872e3aa

SHA512
f1abfeab646e14c7b7c4f8690539c1698a6a0557071664d88591308ab8a6731399121e31544bdbd2654a1e83c3b48344d8132c1458eb5f41fbff55f86c47cb53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
c696a5eb716b204307f4ec63e6641dae

SHA1
4ade20c5681e3a30499a6b4836fb9484e8fe2028

SHA256
7b87e12b19a4afaf1747386e5897c815f6ae6c6030e62cbad5f93c648ebe3c02

SHA512
c4dadeabe560ef766ffc1ed49045784d5914ba32e2a826d93e13bf16818f651584ef7977cca4980b471b14f94654167a5bd01b7d56a07b44b5967d5b8f964d86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
51082c5d9eac43458c9888c9396683a6

SHA1
cf5241f54096b0dedd27829db680a423220006b8

SHA256
7edb973032d260f96fefe08115168dfa9cbe359062c6f3f202c39b9ff01d3562

SHA512
53d92490c046c0a76f263afa15fb785f37304a173ae17b4bdd95caa9d006f28f95b4b05eccff4767659008f0bd31e1f25235500b4aba00dd2a6d167f46e41edf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
138KB

MD5
55c2aee4ce8639ceba3ac61e9c94286e

SHA1
1a457e93d6a6cd64fca157aa5bfc2b18c625eb76

SHA256
79ec44bff16366ee58bbc88e31b9974c9067e899dc02696def9d7199b4c5c092

SHA512
c4a0207869de6c30a633c8d0a3fedea0e890f2b1b061c3b738c641f0af9c2a60b3b94165af34000dcf5bbe06a1525cc62b2ad36971befeb6903c230f7a7e934a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
5bdd79459a99de509b83e80460ba2f32

SHA1
77cc9ac4fc01ebcef30dbf88706a075944028e9a

SHA256
ccd63a0a54181946791b036f51270555e1217313774cef04b431297826149973

SHA512
8c12771accd34a52b3565de21cee484e15c0844fa932b28c18e36f9eaf8a1f9a0b4a1ae3890d7efb9abf103e63500dee6b8e5da0e9cce65f64537571d87966bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe587d2a.TMP
Filesize
91KB

MD5
ebf1f3c4c55930415e2d5f2c5c3c876e

SHA1
0867541f353eb3936502d81d96194204a35032a9

SHA256
91319f44aedb751f446aa285521922dc7a7d4eae1313d9accab827669145d189

SHA512
abb42509936062383f1ffe74f06a5c4a0531cf4d8443832316456dcaaef6a87d80d743b4a8e518d93ddaa54bed9c78f5477077db0bdfee3828e772aed7b7c370

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll
Filesize
428KB

MD5
dd2439b31b366fc1f4bbc99e9839a16a

SHA1
188f219202e86c92cd4065af99ea1a609eacd303

SHA256
f533074be632965f42a68b78322b0b52378266af5c733c055a7fd7a1e7abceb3

SHA512
d015e47b332bca54916987521fde3ccfe674d9a9d1b00cc8fab16f33a940d49ece5c262f1153bffd48246ede7f9cfc794d795d73fed979f1ff20b600576fe4ea

Download Submit
C:\Users\Admin\Downloads\2024.1.zip
Filesize
262KB

MD5
bc5fab9090071a93a58aa76642e3dd8b

SHA1
58a3e2daa2e94890bd7a50445144ad618ac259d7

SHA256
e4fe07e038a44d567040df24563d1230e59a5d9f2be042f8c134a20b88503a66

SHA512
9825b3e2578a83571fec41207f9bb5028e2b0f09057029af09e049e752a214612a3777ae8e81a77d5031f6ed68d97d04fb6479e86a5802468158d3a73b0f10a0

Download Submit
\??\pipe\crashpad_2516_EMLEKPELYYPHMIYP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/7192-598-0x0000000006C30000-0x0000000007248000-memory.dmp

Filesize
6.1MB

Download
memory/7192-600-0x0000000006B10000-0x0000000006B22000-memory.dmp

Filesize
72KB

Download
memory/7192-592-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/7192-624-0x000000000A670000-0x000000000AB9C000-memory.dmp

Filesize
5.2MB

Download
memory/7192-595-0x0000000005AD0000-0x0000000006074000-memory.dmp

Filesize
5.6MB

Download
memory/7192-596-0x0000000005610000-0x00000000056A2000-memory.dmp

Filesize
584KB

Download
memory/7192-597-0x00000000057C0000-0x00000000057CA000-memory.dmp

Filesize
40KB

Download
memory/7192-623-0x0000000009CB0000-0x0000000009E72000-memory.dmp

Filesize
1.8MB

Download
memory/7192-599-0x00000000084B0000-0x00000000085BA000-memory.dmp

Filesize
1.0MB

Download
memory/7192-610-0x000000000A0F0000-0x000000000A140000-memory.dmp

Filesize
320KB

Download
memory/7192-601-0x0000000006B70000-0x0000000006BAC000-memory.dmp

Filesize
240KB

Download
memory/7192-602-0x0000000006BC0000-0x0000000006C0C000-memory.dmp

Filesize
304KB

Download
memory/7192-609-0x0000000009180000-0x00000000091E6000-memory.dmp

Filesize
408KB

Download
memory/7644-584-0x00000000741FE000-0x00000000741FF000-memory.dmp

Filesize
4KB

Download
memory/7644-586-0x0000000005940000-0x0000000005946000-memory.dmp

Filesize
24KB

Download
memory/7644-585-0x0000000000FE0000-0x0000000001044000-memory.dmp

Filesize
400KB

Download
memory/7644-594-0x00000000741F0000-0x00000000749A0000-memory.dmp

Filesize
7.7MB

Download