vidar | hxxps://www[.]mediafire[.]com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3[.]rar/file

Resubmissions

01/07/2024, 01:15

240701-bmewza1hkh 10

01/07/2024, 01:09

240701-bhv3dsvcpn 10

Analysis

max time kernel
119s
max time network
111s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/07/2024, 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3.rar/file

Score

10^/10

vidar c70f482a18aea356c95e9e64e49355be stealer

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

c70f482a18aea356c95e9e64e49355be

https://5.75.209.125

https://t.me/newagev

https://steamcommunity.com/profiles/76561199631487327

Attributes

profile_id_v2
c70f482a18aea356c95e9e64e49355be

Signatures

Detect Vidar Stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/memory/8804-648-0x0000000001200000-0x0000000001941000-memory.dmp	family_vidar_v7
behavioral1/memory/8804-651-0x0000000001200000-0x0000000001941000-memory.dmp	family_vidar_v7
behavioral1/memory/1112-665-0x0000000000BA0000-0x00000000012E1000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Executes dropped EXE 3 IoCs

pid	Process
7216	Setup.exe
7348	Setup.exe
9016	Setup.exe

Loads dropped DLL 8 IoCs

pid	Process
7216	Setup.exe
7216	Setup.exe
7348	Setup.exe
7348	Setup.exe
8804	PsExec.exe
9016	Setup.exe
9016	Setup.exe
1112	PsExec.exe

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 7216 set thread context of 7384	7216	Setup.exe	148
PID 7348 set thread context of 8784	7348	Setup.exe	151
PID 9016 set thread context of 5068	9016	Setup.exe	155

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642697717575608"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	7zG.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
7216	Setup.exe
7216	Setup.exe
7216	Setup.exe
7384	cmd.exe
7384	cmd.exe
7348	Setup.exe
7348	Setup.exe
8784	cmd.exe
8784	cmd.exe
9016	Setup.exe
9016	Setup.exe
5068	cmd.exe
5068	cmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6900	7zG.exe

Suspicious behavior: MapViewOfSection 5 IoCs

pid	Process
7216	Setup.exe
7348	Setup.exe
7384	cmd.exe
9016	Setup.exe
8784	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 59 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3716 wrote to memory of 2200	3716	chrome.exe	74
PID 3716 wrote to memory of 2200	3716	chrome.exe	74
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 3192	3716	chrome.exe	76
PID 3716 wrote to memory of 4068	3716	chrome.exe	77
PID 3716 wrote to memory of 4068	3716	chrome.exe	77
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78
PID 3716 wrote to memory of 1268	3716	chrome.exe	78

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff41bd9758,0x7fff41bd9768,0x7fff41bd9778
  2⤵
  PID:2200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:2
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1840 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:8
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1940 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2892 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:8
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5420 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:8
  2⤵
  PID:304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5672 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5012 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5908 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5268 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6252 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6932 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=7108 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6936 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6296 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7452 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7548 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7696 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7824 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7988 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8128 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8564 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8688 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8708 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8984 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9020 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8856 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8396 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9552 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9716 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9920 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=10060 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9840 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10196 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10180 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10640 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10824 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10992 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=11124 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10600 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=11000 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10780 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=11572 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10628 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=11800 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11148 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=12340 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9868 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:7916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12652 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11948 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=10956 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:6444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11996 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=12912 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=1572 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=5376 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=13472 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=13480 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=13748 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=13760 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:8912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=5936 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:1
  2⤵
  PID:9060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 --field-trial-handle=1784,i,17088841643452780414,304505365915978057,131072 /prefetch:8
  2⤵
  PID:6452

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6192

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\" -ad -an -ai#7zMap4500:116:7zEvent29275
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:6900

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\" -an -ai#7zMap1509:280:7zEvent22180
1⤵
PID:6692

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:7216
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:7384
- - C:\Users\Admin\AppData\Local\Temp\PsExec.exe
    C:\Users\Admin\AppData\Local\Temp\PsExec.exe
    3⤵
    - Loads dropped DLL
    PID:8804

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:7348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:8784
- - C:\Users\Admin\AppData\Local\Temp\PsExec.exe
    C:\Users\Admin\AppData\Local\Temp\PsExec.exe
    3⤵
    - Loads dropped DLL
    PID:1112

C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Documents\OneNote Notebooks\My Notebook\Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:9016
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\SysWOW64\cmd.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8bad0d4ab09817004f71942a4ec6da8d

SHA1
739902d8abc1475426e278776fdc370d6b3cbc6f

SHA256
5fe824812fcbf05a5774738502e81890607d3b9247597b14ceb1855295b062bb

SHA512
60a07656f1696b0c8f50674e529f9de24f106b64e71df238bae19bc0c8669a8501e135c1a5c94cdaf4d37df9e55428a94e8afbe9cceaabfd106e356495e6b7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
823bcbf31752b9e553a4c31fb1ae608b

SHA1
0ec2303f252fb774117e3f3af3f518e421462e7c

SHA256
2ec5853e4bbdd2823deeace4e18cab4e9d50b2cda90228b2e346f698129aee9c

SHA512
28cc54f0d95efe08a922257ff7b9c07053ad243f1d6671a6318b4d9df12a29706d0dd5499870e67c108f9691d2fc8c76e7d47e88e9119001c2410b9db40a882e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\28689094-5df4-4304-9a88-f584dc45b889.tmp

Filesize
5KB

MD5
44e9700cab806a4893f9405348a3ec20

SHA1
e444247072f9fa4807d426eb54bbbae6a60da427

SHA256
80a9c732d16de6cc15faa5ce7fd884c41ef8374941619118abed731defcba805

SHA512
a00c0bfb9aad8be6702af19bc09b387685772bb469bc1383c56267efc04955574f1cbe46a621d6eb7f3b6236d1077c7a2aaef6764bf572429605f06a56a0a723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
a507ea4ffe42b805d0c5a2b7a7241179

SHA1
2b006e4db528431612a3946cd4db250967f44ee9

SHA256
2308c2bce0c3e463339f9b488de3d761bc04073bc7c983dbcc83dab5d797aabd

SHA512
3f34932902c59e0935664b9e584861e9fe228d984aeeafe3208ae68555cca6c619c041d76983fb0d9fa0331712f8da754a86864781306fe1819338341fcb3c10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
aced4afdc9ea5b8e126c1a36ad2c7e91

SHA1
5da05ca834ac1eb9134992b90ccf0da0b2f1f054

SHA256
0c83cf139bbade56885a9118cf3d4ed2cffa500ad0622a84cce51b8618724155

SHA512
20178ada4f93abf068d25bb4fdc46e5107ccdad0fae73d05d988a08185b29f0ec22fc39487e5ccf65718d1bf90704da01a8210526cefffd7182e5de967fee52b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4f2a346605dbb35ddad044fce143148f

SHA1
b26520dd5991baa531650eb1dccd9aa6b276e6a8

SHA256
6bc20a02b205533455206e89ced5e9508c00f5eabca6fdb8e49050eef2da92ee

SHA512
2ae08929fba28d417cacba6ffc02b47f04d0c4c33f9abb9d8b767e01f0bcadf00b178ab184b9d4552d7cffa02291f39a3779ca986085bbfbe6306cddc669b8a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9544f114f408ab7fa897602b8e98dae7

SHA1
5a1f603d3ba195baba41b5e1c51c1c8fda4957c3

SHA256
1e47db8bea75808795376134d9a7a10f1465b84a3602541f3583bf23e5c5d55d

SHA512
32eee81709376835ad6ef7126dc7fd2611c3bde9c9add6e03f3c8fd64821bfbbafd82434e3e04acd938b36bc1394e2f9b49cd3e84700eefd0c9566f6e4082119

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d2a720251f46f02addc3f7e43811efed

SHA1
fabf53c76492faf31733c413e16ceb28e03a9ade

SHA256
38eefcaa3484d2e7efc7f27350b86222dbb15ebaa177f2b00200682e59f3c34d

SHA512
e90c47fba429296f6f8d1008c7773a8cac23739c39125e08e637157387798eefde0114d53a9b4b0f5e5efd38b53f1163a9de002a290c05aa201ab49bb7cb25f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e3c0d317356eddd4e296bc3fd9c64803

SHA1
826ce83bbbc498f04b7afb1f2b7252122c282e86

SHA256
bcb302531bce2e6a5eac664e719c4d0c73943c78f409007bc20119ccd22beeb1

SHA512
e36a7dd1e76671b4350fb9694e20966b0c998caf9d443360176f5e68bfbb63f5f5b1ba2367f481a23adc2e6c946fd1999fb5435d1bff3730523a968aaaeab9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3ad80f0e51a352f56ddb4ae0cd2b9f43

SHA1
f7e3c43060cf78a1afa967e4c6645f82afa6315d

SHA256
215fb2c46b83397bced81e198350770ff1c5c041764c13db9463d0bd682d4050

SHA512
9557964dd94aa78ea39ddeda1ddd0b853e984bf2d84c7288a4e49ab37030aa5db0e7e16bac1bb5c05993b082e8dfd85fd9287db7a64254c785ce54a14d67e2fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e516e7aaa0457367352382e4fff61f8

SHA1
55d13ce3998de13d6bfb2fe348438e983a777c89

SHA256
1fb172958489bb77d4f2b7230225ec8ff23cc6291685468c086dbc45d8d4a278

SHA512
6b47ebe93e3c2910545bdd688fd1be5f3041ec9dfd1bc038473d2efa2781565d67f86485c3c4765d57ac47ec6612c0692a0e787dfddf32553456f3a961c4b863

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
922ed6a618e00a30fd03f30573f98307

SHA1
c29f280a6e0f6cd88c71260c594f8a196a27fe39

SHA256
82c1d72102ee73111f6c1a5c3a583b6268f0de363f8db34a95b3e48460c76cf0

SHA512
d43626af2cc378e864ec29fdfb0838f2303807addb77a9f4f6350e8742994f56a824a8590e5f7c7fbf5cb947e63e28523fb7ff5947933a9fb96b4240862d042e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
531ed59321a6919ee4233c8958e1a702

SHA1
987698ca15b956a39856b89466e441dca9ef46d5

SHA256
b4cffaecb5220706eb955ff88675ee238f175da8f3a8e0ab8a327161ffa0225f

SHA512
7ce73ac726bf94a3203ed0b3d1ffb5115c768701f5008ef3aed81ed3195f1883d3f9561b8bc7d3cffe9c445d4beae3590730875a511f793a89cb55fdfe1bd88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\ASUS_WMI.dll

Filesize
6.6MB

MD5
7d7c0151c44d3cdf5405e8e0e7cfe807

SHA1
a3ed73669b36ce95b1e79b2065f71e7f44441121

SHA256
5fbfebd4a6b0721ab1bffe0d3a3c6cb28f39d652a6faa220a912eaf981ace204

SHA512
5acfcacbc3f06906cc78b6d77789f4a9d27e0cef230169682850b82624150c30f93e8f0ee150c6ecbcbf7c282067e9e5000afd126b03da96a7ec045a9efc91e2

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\ATKEX.dll

Filesize
84KB

MD5
e68562f63265e1a70881446b4b9dc455

SHA1
da16ef9367bde3ce892b1a0e33bc179d8acdceb3

SHA256
c8b16f1c6883a23021da37d9116a757f971fe919d64ef8f9dba17a7d8dd39adb

SHA512
6bedea10a5b50f6e93e8566c18970c8ad1b8dfc7d5961069fc5d5216dcdded0b2a2ad8dd91f4ad80f8604d573a343c126df238ee5c448cdc26b899077957a674

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\AsIO.dll

Filesize
120KB

MD5
3e2c867b129165acdb3a457e131b90bc

SHA1
f538fa5705229da2c4403830d8c9f13e3a885f73

SHA256
e1bb63ccac541b38266228acd3d77a141efc468a69c3f821bfcc06330ce86815

SHA512
8a6574138f43e263f045bf5b1f2b0fb495fb0d424c403a0fd5a19959bfc970243b43c46f4dff86091d34980d3be9bf07034d9f3478ac7043ef0bbf5e2ed365bf

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\beard.css

Filesize
6.0MB

MD5
4579ded02f573a7b07d46db3b54e4149

SHA1
ffdda35db4842133d35aae9f2b17e8403323c3d1

SHA256
68effab2bb2b8bba6bf9f290d6464b3d83dfdf41f61b5cfad8dce30e3f1ebfe0

SHA512
3946c3406384102bcf8d4dd68841daf109d8846a838e0e1b95bcf781d698458aa850b33addf18486669d92d405c89fbc2a2de5acfbc40eef4e671870f8fc32aa

Download Submit
memory/1112-667-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/1112-665-0x0000000000BA0000-0x00000000012E1000-memory.dmp

Filesize
7.3MB

Download
memory/5068-666-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/7216-410-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/7216-416-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/7216-411-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/7348-643-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/7348-635-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/7348-634-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/7384-641-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/7384-633-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/8784-649-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/8804-651-0x0000000001200000-0x0000000001941000-memory.dmp

Filesize
7.3MB

Download
memory/8804-650-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/8804-648-0x0000000001200000-0x0000000001941000-memory.dmp

Filesize
7.3MB

Download
memory/9016-652-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download
memory/9016-653-0x00007FFF4AAE0000-0x00007FFF4ACBB000-memory.dmp

Filesize
1.9MB

Download
memory/9016-659-0x0000000072E60000-0x0000000072FDB000-memory.dmp

Filesize
1.5MB

Download