lumma | hxxp://mediafire[.]com/folder/6q6psz38mqj7b

Analysis

max time kernel
136s
max time network
137s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-06-2024 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://mediafire.com/folder/6q6psz38mqj7b

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service
T1102

Processes:

flow ioc

2 mediafire.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

Aura.exe

description pid process target process

PID 7104 set thread context of 5896 7104 Aura.exe RegAsm.exe

flow	ioc
2	mediafire.com

description	pid	process	target process
PID 7104 set thread context of 5896	7104	Aura.exe	RegAsm.exe

Drops file in Windows directory 4 IoCs

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

6536 7104 WerFault.exe Aura.exe

pid	pid_target	process	target process
6536	7104	WerFault.exe	Aura.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641407575594394"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes:

chrome.exetaskmgr.exechrome.exetaskmgr.exe

pid	process
512	chrome.exe
512	chrome.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
6380	chrome.exe
6380	chrome.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
8592	taskmgr.exe
8592	taskmgr.exe
8592	taskmgr.exe
8592	taskmgr.exe
8592	taskmgr.exe
8592	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

Processes:

chrome.exe

pid	process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe
Token: SeShutdownPrivilege	512	chrome.exe
Token: SeCreatePagefilePrivilege	512	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
512	chrome.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe
7868	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 512 wrote to memory of 4164	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4164	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 4468	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2316	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2316	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe
PID 512 wrote to memory of 2480	512	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://mediafire.com/folder/6q6psz38mqj7b
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffea7679758,0x7ffea7679768,0x7ffea7679778
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:2
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2676 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4700 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:3244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3148 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4924 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:832

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5400 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:3148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5516 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5628 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5780 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:220

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5944 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6552 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6736 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6056 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6008 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6060 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6980 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6000 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7080 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7356 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7516 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:2500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7520 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:4712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8040 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:5504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8044 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:5572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8372 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:5648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8380 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:5656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8716 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8896 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7840 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5760 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9272 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6256

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9244 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9436 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9460 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6352

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=9488 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=9476 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9464 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9636 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9676 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9720 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9816 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9840 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9848 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=9864 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=9888 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9896 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9912 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9928 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9944 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12348 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=12040 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11656 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12316 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12624 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=13184 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:6492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=13048 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=12856 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:7700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=12924 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=12760 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=3136 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=13496 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=13636 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13656 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8556

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=13936 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:1
2⤵
PID:8768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12892 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:6192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13740 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:8
2⤵
PID:7108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=13700 --field-trial-handle=1672,i,13798942375896868141,7723289096502162650,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3824

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5952

C:\Users\Admin\Desktop\Aura\Aura.exe
"C:\Users\Admin\Desktop\Aura\Aura.exe"
1⤵
- Suspicious use of SetThreadContext
PID:7104

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:6856

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:6876

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:6004

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 340
2⤵
- Program crash
PID:6536

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:7868

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:8592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2c044739-879b-4e27-8c86-ddf5815d4bbc.tmp
Filesize
111KB

MD5
e0e0ead69cafb779cf4de27b7845ebf8

SHA1
45ea6d14bf4bc6fb784e2da5155f7229455798f8

SHA256
b0ecf561343846e2c055555f725bc05b34f93e92b2595620a0dfafe6f4fe2d68

SHA512
192fb462aadd7b9b9c9dc04c768f4d353888f695ba616ff8817e0a9965624838a04a095fd133e95ee6d48fd23a5fbb872b2c32cccc30197f4fc077c54e9d67e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
c86640aaa33658aa24db5a9e946108b5

SHA1
42a8819c961a6db7e165a84bab0781ef72e71d81

SHA256
bad1ea3662cf7bbc1c20e838088b1b20eb1cdc6060eff54f7513c67a6bfd0717

SHA512
5fea5255ffee9a38d99ff112b0ccadccc5c08458ba90d91655a92bbfdb83d921188bd1952893c934467d211b10e6b9f89ae8b4a5fe1a3db1124641f86897fc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b3ba66dd5895bb4a53b78e7dafed2828

SHA1
a217674c0e23373401cf5c206c27a473004e0da3

SHA256
974c13a80eddbfc4ae3344f9a433e75f588507017b9a6e0fb6f58f408469b5f6

SHA512
336530be355e116f1faa10dd08a6b431bd09dee9af574ece9c2a1e5a055ac548087aee0671fa106c630473f68627b1842b66a21163987256a3c05180fe6ae713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
19KB

MD5
dff786c5113dbd9d5b2b698e71c54c80

SHA1
f457b9ba65f914697ac4403541f5dde37e30050b

SHA256
f05a0bd8d65760cb0d7ca1d5e52fddd758c4f8289e43c37693115c1a17858de0

SHA512
e48b31adffc2125a5848035c8b4700c80d68bddf11d8b1ee454ae1d12a6663f2dedc65470aa176c5f7ea6bf89340e7ada1b5fa0253973be08a0f68c0e423f1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
29472895558e81312fd043432824eb97

SHA1
6c86eb4a239dccf55aaeddebc85ddfe7f91622ae

SHA256
ad55f8a7dc44a5c1aecd4a914e03ff7806af8c9f92886f6ca4eb9a083b00ae90

SHA512
255ed7a9438f84009c5a63c0c628ef2a69d5ac1fb12f36e001c891192cffdddb71f199375308e9fe97e49c81b5bb944cce57f6e07d26d30e1d0a2ab5e78267a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
8ce04a8f5bedafe16abfeb5af2954c4e

SHA1
c29744dd7d5909b03f23e4c2beb66df6af244731

SHA256
c5bda94c54690ce276552cf80bd71b558f39971cb5938e55af07fa7e03494735

SHA512
68e19fb5751bc6bc8af5fe6790384a880d760e8ac453bd53dd5e5fd0276dbc35474ecc8abe7c2e2b406db5e137fce3347d9a3678853660b307e63dbed5adb9e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
2ea183a875c3cad650bb4eb92023c08a

SHA1
bd9e3391ec88f5f23ec36defe82ec8f4d584a09e

SHA256
1ab93bda2a2af75ce50f17cb019676fbfbede0b27ff7211e1b074e6513820523

SHA512
5c0818d7d703239b2282bab53758339957516ea60e81d849a537110e0d7bd4dbf52b9652b6afe361fd57a16ceba539b28d1936959af20110fc2c204246766f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0e5918a4203e383d0fba5410cb2a64b7

SHA1
02340ad3b6f93757297249787c9a901b603f76ca

SHA256
892ecca370f82738787306b4c20b9c064db28193837eee57a542fb423fdee019

SHA512
d74241bd5a20d943fd6390091aab6bb186d904c1621507f9149db0bae2bdb10f69cd5d5baa2ad86ebba144df4070b4b264661bc02ea3088ca57715895b1eb897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
b1ef474745ad6f7947725ca15f206583

SHA1
bb3b5fdd8e36747640b68ae5723e8f6fcb92f47c

SHA256
3609e23a901d4af7202e1b64156086883d85c05b8a8268bdad92d4f95d834bbf

SHA512
d1d845b3f43ccfdee918e99d574055269c41b3b4caf58fe11f0826aac71216814bd8da1dca1a2211815170964548fa0252f899bf9acd3145bca102a4b1484e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bbddb889f4cbc06868ed971cfe81f8cf

SHA1
1182b4c0ad1d2cba0013c244ffd9534230bfa542

SHA256
cea86e3aaac6a00d69705e3dc15f774a73b144160289fdaeb91d542fb4f3ae5e

SHA512
1590dbe49e16e20513100f53da4eb8079724313b8a84d674ca5189c479bdb50be9f06f5d9badb3de0c2721cd89081fd885653ab1a8a88bc6faa3bb0138fde9ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e2f5cdf71b441523d62e772b25cb33d0

SHA1
002fce357e1839cc085a4a7e1907b6fb42ac8e7e

SHA256
acbe0eb55df5ce75dd341caaebaca2ab03402e6fa1508ded8b049757386e72c3

SHA512
a33dfdbdb1e80d9bff4b5d552347ff9fbd39ca9ea616db2c29619234d530a28a604b41434217e02cd27be3a64ffd8dd6639dbeef4942ee4dd1920aa2ea5f82f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
7a961a04291be1ab5c16eafd6a9bbdff

SHA1
b8c35d677297a9acd47ca3bec310530fda9694bc

SHA256
2190b5d9498e2caef65bf25bf4e5e9e73e20a9948c8dda6edc1cb025a4fda620

SHA512
00b8c9a585c81a80d9372f04c5f908b256d8a534123766e5af21285f356602a79ec0a51eb65dcee8e4ee2494e59aa8d4c7c41e2d9eaf9f9846f9c346d9e398ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
5cb616ddeff65fec73b311b162db094b

SHA1
e67b4ae8dfa5311039eefabff3ec993591d69b14

SHA256
2f898a48b121cdc8c1aee389365d7506a17efd3b25594b6f1595e6387aa0018d

SHA512
b3803e9e2b14720e4d4f9e61ae1ea0e0b19f7f748640f66f3f575aa5b31790998144fc0eec10efd69f10c9e6cd9c2da375b6da5c54756dd36496683d2eeb1c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe588da5.TMP
Filesize
107KB

MD5
4b75bc0148fe79baad271445d86e6104

SHA1
08200428416e041dc4ac83349a89bc96f775c7dc

SHA256
1311b1207f584224aa406b020c2ac402f5c560d56ef3aff6cf4e0a2b5554deea

SHA512
f719b1492acaf837e085ca2761ca9274377b31c3e6ac65e8bb0eab805df4d816d86eb5575ab594b3f55ac458a4646eadbe74c3a302a68873c5d3d4ec1ca8db35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_512_MYGQONQQHJAELQHU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5896-418-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5896-420-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/5896-421-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/7104-417-0x0000000000C30000-0x0000000000C31000-memory.dmp

Filesize
4KB

Download