vidar | hxxps://www[.]mediafire[.]com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3[.]rar/file

Resubmissions

01-07-2024 01:15

240701-bmewza1hkh 10

01-07-2024 01:09

240701-bhv3dsvcpn 10

Analysis

max time kernel
105s
max time network
109s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3.rar/file

Score

10^/10

vidar c70f482a18aea356c95e9e64e49355be stealer

Malware Config

Extracted

Family

vidar

Version

7.7

Botnet

c70f482a18aea356c95e9e64e49355be

https://5.75.209.125

https://t.me/newagev

https://steamcommunity.com/profiles/76561199631487327

Attributes

profile_id_v2
c70f482a18aea356c95e9e64e49355be

Signatures

Detect Vidar Stealer 3 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/6824-495-0x0000000000F00000-0x0000000001641000-memory.dmp	family_vidar_v7
behavioral1/memory/8432-505-0x0000000001170000-0x00000000018B1000-memory.dmp	family_vidar_v7
behavioral1/memory/8472-511-0x0000000001100000-0x0000000001841000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Executes dropped EXE 3 IoCs

Processes:

Setup.exeSetup.exeSetup.exe

pid process

7532 Setup.exe
7720 Setup.exe
6116 Setup.exe
Loads dropped DLL 8 IoCs

Processes:

Setup.exeSetup.exeSetup.exePsExec.exePsExec.exe

pid process

7532 Setup.exe
7532 Setup.exe
7720 Setup.exe
7720 Setup.exe
6116 Setup.exe
6116 Setup.exe
6824 PsExec.exe
8432 PsExec.exe

pid	process
7532	Setup.exe
7720	Setup.exe
6116	Setup.exe

pid	process
7532	Setup.exe
7532	Setup.exe
7720	Setup.exe
7720	Setup.exe
6116	Setup.exe
6116	Setup.exe
6824	PsExec.exe
8432	PsExec.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

Setup.exeSetup.exeSetup.exe

description	pid	process	target process
PID 7532 set thread context of 8152	7532	Setup.exe	cmd.exe
PID 7720 set thread context of 9068	7720	Setup.exe	cmd.exe
PID 6116 set thread context of 9080	6116	Setup.exe	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642701819893174"	chrome.exe

Modifies registry class 1 IoCs

Processes:

OpenWith.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings OpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

chrome.exeSetup.exeSetup.execmd.execmd.exeSetup.execmd.exe

pid	process
4076	chrome.exe
4076	chrome.exe
7532	Setup.exe
7532	Setup.exe
7532	Setup.exe
7720	Setup.exe
7720	Setup.exe
7720	Setup.exe
8152	cmd.exe
8152	cmd.exe
8152	cmd.exe
8152	cmd.exe
9068	cmd.exe
9068	cmd.exe
9068	cmd.exe
9068	cmd.exe
6116	Setup.exe
6116	Setup.exe
6116	Setup.exe
9080	cmd.exe
9080	cmd.exe
9080	cmd.exe
9080	cmd.exe

Suspicious behavior: MapViewOfSection 6 IoCs

Processes:

Setup.exeSetup.execmd.exeSetup.execmd.execmd.exe

pid process

7532 Setup.exe
7720 Setup.exe
8152 cmd.exe
6116 Setup.exe
9068 cmd.exe
9080 cmd.exe

pid	process
7532	Setup.exe
7720	Setup.exe
8152	cmd.exe
6116	Setup.exe
9068	cmd.exe
9080	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe
Token: SeShutdownPrivilege	4076	chrome.exe
Token: SeCreatePagefilePrivilege	4076	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

chrome.exe7zG.exe7zG.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
8808	7zG.exe
8972	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe
4076	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

6292 OpenWith.exe

pid	process
6292	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4076 wrote to memory of 3548	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 3548	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 5080	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 656	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 656	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe
PID 4076 wrote to memory of 4284	4076	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/49cvufrqqhv4gqo/Ṕ@ṨṨḴḙyĦīṥẏḛ_Ṕ@ṨṨḴḙy_Setup3.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc8b519758,0x7ffc8b519768,0x7ffc8b519778
2⤵
PID:3548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:2
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:8
2⤵
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1896 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:8
2⤵
PID:4284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2876 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2884 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5104 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4732 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5360 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4884 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5712 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5856 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6064 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6280 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:2280

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6468 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=7092 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6432 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:3920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6416 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6700 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:2716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7580 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:1404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7624 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7736 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7772 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:2252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7908 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7920 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8768 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8900 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8924 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=9180 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9196 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=10452 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=10656 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6420 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=10764 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=11140 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=11288 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=11108 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=11728 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=11548 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=11980 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=12004 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=12176 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=12436 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9468 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=12684 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=12832 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=12964 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=12992 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=13008 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=13024 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=13040 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:4560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=14096 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=14220 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=12956 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=13772 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=14244 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=12556 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=13728 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=14108 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:8
2⤵
PID:8120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=13028 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=13436 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13056 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:8
2⤵
PID:6100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=6364 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=6272 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7376 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:8
2⤵
PID:8140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=14004 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=13904 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=14064 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=13976 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6284

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=7312 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=14024 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=14076 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=6324 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=14032 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=14052 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=14048 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=9600 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=8448 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8460 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=8516 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=14192 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=14168 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=8492 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=7360 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=9036 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=13528 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=7332 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=13952 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=13368 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=13520 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=12200 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:7864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=7352 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:5908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=13128 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=10172 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:6992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=10036 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=5140 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=6516 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=6616 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=6248 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=6536 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:8696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=10884 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=10268 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=10340 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=9108 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=6288 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=13476 --field-trial-handle=1844,i,12802154924101679091,14756489154288502628,131072 /prefetch:1
2⤵
PID:9168

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3300

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:8412

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24401:116:7zEvent26831
1⤵
- Suspicious use of FindShellTrayWindow
PID:8808

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\" -an -ai#7zMap31176:164:7zEvent24788
1⤵
- Suspicious use of FindShellTrayWindow
PID:8972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6292

C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:7532

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:8152

C:\Users\Admin\AppData\Local\Temp\PsExec.exe
C:\Users\Admin\AppData\Local\Temp\PsExec.exe
3⤵
- Loads dropped DLL
PID:6824

C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:7720

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:9068

C:\Users\Admin\AppData\Local\Temp\PsExec.exe
C:\Users\Admin\AppData\Local\Temp\PsExec.exe
3⤵
- Loads dropped DLL
PID:8432

C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe
"C:\Users\Admin\Downloads\Full!!_!!Install_Ṕ@ṨṨḴḙy_Setup\@#Setup-Password-123\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:6116

C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:9080

C:\Users\Admin\AppData\Local\Temp\PsExec.exe
C:\Users\Admin\AppData\Local\Temp\PsExec.exe
3⤵
PID:8472

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
8f3843a9da63a7c396a894b5865b2f67

SHA1
2e7f9776d1ba8b15aea00d84eff977929ed70022

SHA256
76841dc7ebcb954ee1442bff5ef2356159574207e77f9b74b5303d298980b26a

SHA512
06c417f3f8a5010105ced178e9d478c82253cc2ffb08135827ea8a5b905101b684d532d7f6cd776adce49200d4e719242bf44b88311c5d3f7ccdb6bbcba200ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
48d7bf49e71bb5ab5ddc3b42bd8e507e

SHA1
aca8b5f113dc958097185e47c5b82ed76877d4a7

SHA256
8219dc8db310bd26a6dd70e84ed2c9b23628b9ada75dc60b531f9bc81c4913da

SHA512
96e0d0fcd0912fe68c12cd4065da79923ca93ed857f51c2eaa9be126ec9327f115453849c84737c3ce11426cb8b32b994eabe73ea3e62d8605d66da2b83a8ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
20KB

MD5
3eba8bacccc443bf46575d148c39089f

SHA1
5ed3f1bfb2dea96ae30d16d70cf3fc7418eff754

SHA256
532bed6945c4df24d863b65c7c9cc6abac2c568800e491620df2373b0e531aad

SHA512
af90679ca39d8d53938da45425b61c70f38763b628bc7228ce935909a3d6f4645089067911ea69fdf1fe27d64263808155be5907ae2074168eaa713acb49d300

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
ee5dac6aed092d4127467bde603733c2

SHA1
2cc54cc24fb49545d46b947bff7a9fb4f32f638e

SHA256
9f128ac7948476a2549386d11e9fee2336cf8c9d985f5304b04bf99e1d26e1b5

SHA512
67c35a40b51967711e9c4f4c865c80354330244912296b9aeb944814c3289497319d4f26f24c7b652a5c673240c1661cfc9fb4f1bc038b4d6a7487f527cc646c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
bc459d91ff80a6752c2004dfe53f9970

SHA1
886f5691fd185a67575d7e051ac6819473ffee86

SHA256
a38cadf23855b2cd27a6824bc96032064879a23bd2304b1706f58f0b07c47b6a

SHA512
271e7b8605811fc6631bc5da78b52ddb8593359210d6a0e098a723b30a886514c6a65c4da3135b1b05e5fe6528fba6ae1edb6a5b214efa99a71ecf817a0d1622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
2f09b8f19600de9540ecea100d1d8fe1

SHA1
bb5976abd3e1986be255d229dbf25cf4405095ee

SHA256
697243ed1fad349ae264f2f9c8878353a30c5b7d5585d18a49e0340bfb62c391

SHA512
0a2b291ca6cbdc7d5f9a3b486469fafc266f1a585a70c68b531885e22f567df9102107f8e09f05b6177bc6e8542382cdc6da59fd9ce6420bbdb503620fd18b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
6KB

MD5
7d3617f604af1408f6bfba9ee891cab4

SHA1
31bf780b617d95a38b25ca27f16c38665769d55a

SHA256
244ef5d5f84407bccfbab5685fad151ba4fb237b173d111605eb7664d0ca4a5c

SHA512
1481e8f69b9a88e54eff6b633c38c149078777dc73f7f4aac2afed5257a2e1efb59547e715e79df34a53fe2c9885d05d3edd5853bbde297d3da5b8d37d4d1179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
4a02d3dc8dea6377d661ceaf64cb10dc

SHA1
003ba2d168a0555027c4f6113946729a74dad87b

SHA256
d543a30d184af674730872a2289605ef700882246f8e7ea43ef062d35de106c4

SHA512
9d40c65360a06de92e3e5c002f9b85743d3c2f8f2e1cddd49b455e0a43eedf63d0bc5cddea2cf593011b8699d4bc4fb4ec041e66c086bc64ce07e79d7fb1599d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fa5ce2c125e0ea52b14de49b73f6a15d

SHA1
731f12469fbec90a37ec5bcd7e10eca855f41397

SHA256
20f9d1466b8e231d935eeda14c3be0ee5ade0058f47180741508812a57580662

SHA512
46f27f936378d2d54d7bc853f3d90b2b56d3c42885d56e6bf60e520f44f19c842c74cdfefc2bbec37f8fea71e3116c4763c3a66831ceab3e8cd6b2a9c0df1812

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
136KB

MD5
e07d8e15474b796f31b9fba4dd33e629

SHA1
f0a82d92177c03e4f0bc45c1f23630e33ea2d787

SHA256
67f1cedfc0093dc5389597369a0baa027dfb45ddae2245485c667cbf3c7f12d0

SHA512
d1ebb4325909930246895ca7cde15c82a9b6121a4f279971268544c196ea33bed64a24925ce9bc13ce44291b4924939b68911eb33ee6353a8586093fb4d10b34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\ASUS_WMI.dll
Filesize
6.6MB

MD5
7d7c0151c44d3cdf5405e8e0e7cfe807

SHA1
a3ed73669b36ce95b1e79b2065f71e7f44441121

SHA256
5fbfebd4a6b0721ab1bffe0d3a3c6cb28f39d652a6faa220a912eaf981ace204

SHA512
5acfcacbc3f06906cc78b6d77789f4a9d27e0cef230169682850b82624150c30f93e8f0ee150c6ecbcbf7c282067e9e5000afd126b03da96a7ec045a9efc91e2

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\ATKEX.dll
Filesize
84KB

MD5
e68562f63265e1a70881446b4b9dc455

SHA1
da16ef9367bde3ce892b1a0e33bc179d8acdceb3

SHA256
c8b16f1c6883a23021da37d9116a757f971fe919d64ef8f9dba17a7d8dd39adb

SHA512
6bedea10a5b50f6e93e8566c18970c8ad1b8dfc7d5961069fc5d5216dcdded0b2a2ad8dd91f4ad80f8604d573a343c126df238ee5c448cdc26b899077957a674

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\AsIO.dll
Filesize
120KB

MD5
3e2c867b129165acdb3a457e131b90bc

SHA1
f538fa5705229da2c4403830d8c9f13e3a885f73

SHA256
e1bb63ccac541b38266228acd3d77a141efc468a69c3f821bfcc06330ce86815

SHA512
8a6574138f43e263f045bf5b1f2b0fb495fb0d424c403a0fd5a19959bfc970243b43c46f4dff86091d34980d3be9bf07034d9f3478ac7043ef0bbf5e2ed365bf

Download Submit
C:\Users\Admin\AppData\Roaming\Onco\beard.css
Filesize
6.0MB

MD5
4579ded02f573a7b07d46db3b54e4149

SHA1
ffdda35db4842133d35aae9f2b17e8403323c3d1

SHA256
68effab2bb2b8bba6bf9f290d6464b3d83dfdf41f61b5cfad8dce30e3f1ebfe0

SHA512
3946c3406384102bcf8d4dd68841daf109d8846a838e0e1b95bcf781d698458aa850b33addf18486669d92d405c89fbc2a2de5acfbc40eef4e671870f8fc32aa

Download Submit
\??\pipe\crashpad_4076_ZEFBMPIMZYHTVKIH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6116-487-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/6116-496-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/6116-483-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/6824-501-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/6824-495-0x0000000000F00000-0x0000000001641000-memory.dmp

Filesize
7.3MB

Download
memory/7532-466-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/7532-452-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/7532-451-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/7720-473-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/7720-480-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/7720-474-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/8152-485-0x00000000734A0000-0x000000007361B000-memory.dmp

Filesize
1.5MB

Download
memory/8152-479-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/8432-505-0x0000000001170000-0x00000000018B1000-memory.dmp

Filesize
7.3MB

Download
memory/8432-507-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/8472-511-0x0000000001100000-0x0000000001841000-memory.dmp

Filesize
7.3MB

Download
memory/9068-482-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download
memory/9080-500-0x00007FFC97260000-0x00007FFC9743B000-memory.dmp

Filesize
1.9MB

Download