Analysis
-
max time kernel
335s -
max time network
688s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-es -
resource tags
-
submitted
27-11-2022 16:14
General
-
Target
scammer.png
-
Size
110KB
-
MD5
ab1b7f8e9d319f0a9ab7a5e09d51176f
-
SHA1
2bb3ba8dc0407c6a80e9c7a7b757dfb33df11801
-
SHA256
1fe5c30f31f8c608a7f068beaf2d654349f2c4b1efb56b17afd0bcd879ee5f0d
-
SHA512
23ef4449936f5efdefa3bcbcf61f5701819a16a9f1e3fa0df0160f74934b8b6251a25fec7688bd13e49f641f612f42bad592218e560afa80d3aadb93a4035fb4
-
SSDEEP
3072:FIMFh5qv/moO9jn/HXEUtyI6SRLcH5EhcH5EDPqCCZD1MLy1M+AJpJ+:FILtYnv0UtyI15c2ciqV51l1mJ7+
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Drops file in Drivers directory 3 IoCs
-
Executes dropped EXE 49 IoCs
-
Modifies Installed Components in the registry 2 TTPs 13 IoCs
-
Registers COM server for autorun 1 TTPs 23 IoCs
-
Sets file execution options in registry 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 4 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 8 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unexpected DNS network traffic destination 4 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks for any installed AV software in registry 1 TTPs 4 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in System32 directory 31 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Launches sc.exe 63 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 2 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 9 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 13 IoCs
-
Modifies system certificate store 2 TTPs 15 IoCs
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: LoadsDriver 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\scammer.png1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xac,0x108,0x7ffa81254f50,0x7ffa81254f60,0x7ffa81254f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1612 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1964 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2368 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4408 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4528 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5216 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5240 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5228 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5252 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5740 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6080 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6068 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6044 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6032 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6012 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5212 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6432 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6428 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6712 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6024 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7176 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7508 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8496 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8500 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8484 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7536 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8348 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8948 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\bearshare525.exe"C:\Users\Admin\Downloads\bearshare525.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\GLBAB72.tmpC:\Users\Admin\AppData\Local\Temp\GLBAB72.tmp 4736 C:\Users\Admin\DOWNLO~1\BEARSH~1.EXE3⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Checks computer location settings
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\regsvr32.exe"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\BearShare\RunMSC.dll"4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\BearShare\BearShare.exe"C:\Program Files (x86)\BearShare\BearShare.exe" -firstlaunch4⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Loads dropped DLL
- Adds Run key to start application
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8588 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1084 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9912 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9632 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9768 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1472 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8384 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10000 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8456 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3128 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4828 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5944 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8648 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9472 /prefetch:82⤵
-
C:\Users\Admin\Downloads\frostwire-6.9.10.windows.exe"C:\Users\Admin\Downloads\frostwire-6.9.10.windows.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-JU9OR.tmp\frostwire-6.9.10.windows.tmp"C:\Users\Admin\AppData\Local\Temp\is-JU9OR.tmp\frostwire-6.9.10.windows.tmp" /SL5="$50236,1716697,917504,C:\Users\Admin\Downloads\frostwire-6.9.10.windows.exe"3⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\frostwire-6.9.10.windows.exe"C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\frostwire-6.9.10.windows.exe" /S4⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic process where name='fwplayer.exe' delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic process where name='telluride.exe' delete5⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\wmic.exewmic process where name='FrostWire.exe' delete5⤵
-
C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod0.exe"C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod0.exe" -ip:"dui=9be0bf4d-f8db-4af4-be85-dc38433c9501&dit=20221127171648&is_silent=true&oc=ZB_RAV_Cross_Tri_NCB&p=89fe&a=100&b=&se=true" -vp:"dui=9be0bf4d-f8db-4af4-be85-dc38433c9501&dit=20221127171648&oc=ZB_RAV_Cross_Tri_NCB&p=89fe&oip=26&ptl=7&dta=true&a=100" -dp:"dui=9be0bf4d-f8db-4af4-be85-dc38433c9501&dit=20221127171648&oc=ZB_RAV_Cross_Tri_NCB&p=89fe&a=100" -i -v -d -se=true4⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\0k4l2t5t.exe"C:\Users\Admin\AppData\Local\Temp\0k4l2t5t.exe" /silent5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\nsnAF52.tmp\RAVAntivirus-installer.exe"C:\Users\Admin\AppData\Local\Temp\nsnAF52.tmp\RAVAntivirus-installer.exe" "C:\Users\Admin\AppData\Local\Temp\0k4l2t5t.exe" /silent6⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe"C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe" -i -rpn:RAVAntivirus -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v1/live -dt:107⤵
- Executes dropped EXE
-
\??\c:\windows\system32\rundll32.exe"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\RAVAntivirus\x64\ReasonCamFilter.inf7⤵
- Adds Run key to start application
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r8⤵
- Checks processor information in registry
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o9⤵
-
C:\Windows\SYSTEM32\fltmc.exe"fltmc.exe" load ReasonCamFilter7⤵
- Suspicious behavior: LoadsDriver
-
\??\c:\windows\system32\rundll32.exe"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\RAVAntivirus\x64\rsKernelEngine.inf7⤵
- Adds Run key to start application
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r8⤵
- Checks processor information in registry
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o9⤵
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" im C:\Program Files\RAVAntivirus\x64\rsKernelEngineEvents.xml7⤵
-
C:\Windows\SYSTEM32\fltmc.exe"fltmc.exe" load rsKernelEngine7⤵
- Suspicious behavior: LoadsDriver
-
C:\Windows\system32\wevtutil.exe"C:\Windows\system32\wevtutil.exe" im C:\Program Files\RAVAntivirus\elam\evntdrv.xml7⤵
-
C:\Program Files\RAVAntivirus\rsWSC.exe"C:\Program Files\RAVAntivirus\rsWSC.exe" -i7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies system certificate store
-
C:\Program Files\RAVAntivirus\rsClientSvc.exe"C:\Program Files\RAVAntivirus\rsClientSvc.exe" -i7⤵
- Executes dropped EXE
-
C:\Program Files\RAVAntivirus\rsEngineSvc.exe"C:\Program Files\RAVAntivirus\rsEngineSvc.exe" -i7⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\4hbba5ae.exe"C:\Users\Admin\AppData\Local\Temp\4hbba5ae.exe" /silent5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RAVVPN\RAVVPN-installer.exe"C:\Users\Admin\AppData\Local\Temp\RAVVPN\RAVVPN-installer.exe" "C:\Users\Admin\AppData\Local\Temp\4hbba5ae.exe" /silent6⤵
-
C:\Program Files\RAVVPN\ReasonVPNInstaller.exe"C:\Program Files\RAVVPN\ReasonVPNInstaller.exe" /install7⤵
-
C:\Program Files\RAVVPN\rsVPNSvc.exe"C:\Program Files\RAVVPN\rsVPNSvc.exe" -i8⤵
-
C:\Program Files\RAVVPN\rsVPNClientSvc.exe"C:\Program Files\RAVVPN\rsVPNClientSvc.exe" -i8⤵
-
C:\Users\Admin\AppData\Local\Temp\gshkewgg.exe"C:\Users\Admin\AppData\Local\Temp\gshkewgg.exe" /silent5⤵
-
C:\Users\Admin\AppData\Local\Temp\SaferWeb\SaferWeb-installer.exe"C:\Users\Admin\AppData\Local\Temp\SaferWeb\SaferWeb-installer.exe" "C:\Users\Admin\AppData\Local\Temp\gshkewgg.exe" /silent6⤵
-
C:\Program Files\SaferWeb\ReasonDNSInstaller.exe"C:\Program Files\SaferWeb\ReasonDNSInstaller.exe" /install7⤵
-
C:\Program Files\SaferWeb\rsDNSResolver.exe"C:\Program Files\SaferWeb\rsDNSResolver.exe" -service install8⤵
-
C:\Program Files\SaferWeb\rsDNSResolver.exe"C:\Program Files\SaferWeb\rsDNSResolver.exe" -service start8⤵
-
\??\c:\windows\system32\rundll32.exe"c:\windows\system32\rundll32.exe" setupapi.dll,InstallHinfSection DefaultInstall 128 C:\Program Files\SaferWeb\rsDwf.inf8⤵
-
C:\Windows\system32\runonce.exe"C:\Windows\system32\runonce.exe" -r9⤵
-
C:\Windows\System32\grpconv.exe"C:\Windows\System32\grpconv.exe" -o10⤵
-
C:\Program Files\SaferWeb\rsDNSSvc.exe"C:\Program Files\SaferWeb\rsDNSSvc.exe" -i8⤵
-
C:\Program Files\SaferWeb\rsDNSClientSvc.exe"C:\Program Files\SaferWeb\rsDNSClientSvc.exe" -i8⤵
-
C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod1_extract\avg_secure_browser_setup.exe"C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod1_extract\avg_secure_browser_setup.exe" /s /run_source=avg_ads_is_control /is_pixel_psh=BjYV4UB0PXW0kmwpUtQF4WYLHB8BmvT9GquMrf7aEtE97j9GkMh3DKbIUyxCxroLIAxGRBxeDS2tiQp /make-default4⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\nsjA5DD.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=es-ES&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"5⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\GUMC615.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUMC615.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=es-ES&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"6⤵
- Executes dropped EXE
- Sets file execution options in registry
- Checks computer location settings
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver7⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserUpdateComRegisterShell64.exe"8⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTIwNy4yIiBzaGVsbF92ZXJzaW9uPSIxLjguMTIwNy4yIiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0ZDOTAwQTE5LTFBREUtNEY3Qy1CODA3LUEwRjI3REVGMzE3RH0iIGNlcnRfZXhwX2RhdGU9IjIwMjIxMDIwIiB1c2VyaWQ9Ins1MDdFQkEyQi05Q0JBLTQwRjQtQkRCNC04NDM0MUI3OTREM0F9IiB1c2VyaWRfZGF0ZT0iMjAyMjExMjciIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIyMTEyNyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntEQjJFREQ0Ri1FRTAwLTQyOUItQjAxMS0zRUU0RkY1RUIwQUN9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xMjA3LjIiIGxhbmc9ImVzLUVTIiBicmFuZD0iOTE0NSIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iNTY4MSIvPjwvYXBwPjwvcmVxdWVzdD47⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=es-ES&brand=9145&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{FC900A19-1ADE-4F7C-B807-A0F27DEF317D}" /silent7⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /nobreak /t 10 && del /F /Q C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod1_extract\avg_secure_browser_setup.exe && rmdir /Q C:\Users\Admin\AppData\Local\Temp\is-ENJKD.tmp\prod1_extract5⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /nobreak /t 106⤵
- Delays execution with timeout.exe
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4332 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9532 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9040 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10224 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2324 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7324 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6376 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7492 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6028 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4688 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6904 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6092 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8144 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6752 /prefetch:82⤵
- Checks for any installed AV software in registry
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3740 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9816 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7228 /prefetch:82⤵
-
C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe" --monitor 19163⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 17164⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --silent --agree --app browser --campaign amb3 --no-run-uis --no-rmt-conf --no-updater --no-hola-cr --track-download 63838dff7ef198598731032f --hola-domain holavpninstaller.com3⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files\Hola\app\net_updater64.exe"C:\Program Files\Hola\app\net_updater64.exe" --install win_hola.browser.hola.org4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --silent --agree --app browser --campaign amb3 --no-run-uis --no-rmt-conf --no-updater --no-svc --hola-cr-path "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-103.0.5060.114.12.zip" --track-download 63838dff7ef198598731032f --hola-domain holavpninstaller.com3⤵
-
C:\Program Files\Hola\app\7za.exe"C:\Program Files\Hola\app\7za.exe" x -o"C:\Program Files\Hola\temp" "C:\\Users\\Admin\\AppData\\Local\\Temp\\chromium-103.0.5060.114.12.zip" "chromium"4⤵
-
C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe"C:\Users\Admin\AppData\Local\Temp\Hola-Setup-x64-1.203.908.exe" --post-install-run --no-rmt-conf --app browser --track-download 63838dff7ef198598731032f3⤵
-
C:\Windows\explorer.exeexplorer "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hola Browser.lnk"4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3760 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6904 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4932 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1488 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5552 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5748 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10016 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.b5749c7c0b5fe049 > \\.\pipe\chrome.nativeMessaging.out.b5749c7c0b5fe0492⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.423ad02953995ce4 > \\.\pipe\chrome.nativeMessaging.out.423ad02953995ce42⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10128 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.bea4dd307dc06a89 > \\.\pipe\chrome.nativeMessaging.out.bea4dd307dc06a892⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10064 /prefetch:12⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.d27db8f660ad2547 > \\.\pipe\chrome.nativeMessaging.out.d27db8f660ad25472⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.1d71d644d69797af > \\.\pipe\chrome.nativeMessaging.out.1d71d644d69797af2⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.30255b2b60a8da5f > \\.\pipe\chrome.nativeMessaging.out.30255b2b60a8da5f2⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3152 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7648 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2388 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=201 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=316 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8836 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=203 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=204 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9876 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4796 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7608 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9460 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3436 /prefetch:82⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.2ffcbe361c9a7e8b > \\.\pipe\chrome.nativeMessaging.out.2ffcbe361c9a7e8b2⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\is-TA25R.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp"C:\Users\Admin\AppData\Local\Temp\is-TA25R.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp" /SL5="$3077C,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"3⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe" /SILENT4⤵
-
C:\Users\Admin\AppData\Local\Temp\is-7I4G2.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp"C:\Users\Admin\AppData\Local\Temp\is-7I4G2.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp" /SL5="$30766,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe" /SILENT5⤵
-
C:\Users\Admin\AppData\Local\Temp\is-JN4PK.tmp\VC_redist.x64.exe"C:\Users\Admin\AppData\Local\Temp\is-JN4PK.tmp\VC_redist.x64.exe" /install /quiet6⤵
-
C:\Windows\Temp\{F4752329-5EAA-438F-BB9C-FE912F6ECA33}\.cr\VC_redist.x64.exe"C:\Windows\Temp\{F4752329-5EAA-438F-BB9C-FE912F6ECA33}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-JN4PK.tmp\VC_redist.x64.exe" -burn.filehandle.attached=540 -burn.filehandle.self=548 /install /quiet7⤵
-
C:\Windows\Temp\{78561BEE-DD97-4DC6-97A4-D97664D1CAA7}\.be\VC_redist.x64.exe"C:\Windows\Temp\{78561BEE-DD97-4DC6-97A4-D97664D1CAA7}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{371BB90B-0375-45DE-B515-B69643BCE091} {B6E2965A-A91C-496D-94E1-0FAC0B329F44} 34008⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.601e90a6d0ed10e4 > \\.\pipe\chrome.nativeMessaging.out.601e90a6d0ed10e42⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\is-OS5PD.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp"C:\Users\Admin\AppData\Local\Temp\is-OS5PD.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp" /SL5="$4077C,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"3⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe" /SILENT4⤵
-
C:\Users\Admin\AppData\Local\Temp\is-T0P6M.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp"C:\Users\Admin\AppData\Local\Temp\is-T0P6M.tmp\File Marvels.SpiderMan.Miles.Morales.zip ...tmp" /SL5="$508A4,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip ...exe" /SILENT5⤵
-
C:\Users\Admin\AppData\Local\Temp\is-JVGKL.tmp\VC_redist.x64.exe"C:\Users\Admin\AppData\Local\Temp\is-JVGKL.tmp\VC_redist.x64.exe" /install /quiet6⤵
-
C:\Windows\Temp\{E7544645-5DBE-46ED-AA26-7CA2499BAA7D}\.cr\VC_redist.x64.exe"C:\Windows\Temp\{E7544645-5DBE-46ED-AA26-7CA2499BAA7D}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\is-JVGKL.tmp\VC_redist.x64.exe" -burn.filehandle.attached=532 -burn.filehandle.self=540 /install /quiet7⤵
-
C:\Windows\Temp\{84715882-E863-4CBB-B6D6-26C9585F75F4}\.be\VC_redist.x64.exe"C:\Windows\Temp\{84715882-E863-4CBB-B6D6-26C9585F75F4}\.be\VC_redist.x64.exe" -q -burn.elevated BurnPipe.{569CA6F1-0D62-4B4F-96E8-22707D05CEC8} {605A5B20-C227-4F3F-B929-FF86AAABEA6F} 60008⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8496 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7460 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8312 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7544 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=219 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=228 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=227 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=226 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11112 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=224 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10932 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10432 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11924 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11916 /prefetch:82⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.23f8f62377bb3dc8 > \\.\pipe\chrome.nativeMessaging.out.23f8f62377bb3dc82⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=12324 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9608 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12204 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11868 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12476 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7136 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9868 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6828 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10324 /prefetch:82⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe"2⤵
-
C:\Users\Admin\AppData\Local\Temp\is-UQCSU.tmp\File Marvels.SpiderMan.Miles.Morales.zip .. (2).tmp"C:\Users\Admin\AppData\Local\Temp\is-UQCSU.tmp\File Marvels.SpiderMan.Miles.Morales.zip .. (2).tmp" /SL5="$40874,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe"3⤵
-
C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe"C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe" /SILENT4⤵
-
C:\Users\Admin\AppData\Local\Temp\is-GPIRI.tmp\File Marvels.SpiderMan.Miles.Morales.zip .. (2).tmp"C:\Users\Admin\AppData\Local\Temp\is-GPIRI.tmp\File Marvels.SpiderMan.Miles.Morales.zip .. (2).tmp" /SL5="$20AC4,24626888,780800,C:\Users\Admin\Downloads\File Marvels.SpiderMan.Miles.Morales.zip .. (2).exe" /SILENT5⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8248 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8948 /prefetch:82⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.48f31253351d70e0 > \\.\pipe\chrome.nativeMessaging.out.48f31253351d70e02⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.ddecbf793a6080e7 > \\.\pipe\chrome.nativeMessaging.out.ddecbf793a6080e72⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.c9ffcbb85720abdd > \\.\pipe\chrome.nativeMessaging.out.c9ffcbb85720abdd2⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.59e22113273ae9bc > \\.\pipe\chrome.nativeMessaging.out.59e22113273ae9bc2⤵
-
\??\c:\program files\ravantivirus\rsExtensionHost.exe"c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=03⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10700 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1592,17653453979351239072,6444919817714647914,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10524 /prefetch:82⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /d /c "c:\program files\ravantivirus\rsExtensionHost.exe" chrome-extension://llbcnfanfmjhpedaedhbcnpgeepdnnok/ --parent-window=0 < \\.\pipe\chrome.nativeMessaging.in.3383acf0f87372dc > \\.\pipe\chrome.nativeMessaging.out.3383acf0f87372dc2⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f4 0x2f81⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe"C:\Program Files\RAVAntivirus\x64\rsSyncSvc.exe" -rpn:ravantivirus -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v1/live -dt:101⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc1⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1003 --default-search=bing.com --adblock-mode-default=0 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1003 --default-search=bing.com --adblock-mode-default=0 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level3⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=107.0.19254.108 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6519c9300,0x7ff6519c9310,0x7ff6519c93204⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\AVG\Browser\Temp\source3936_2063191603\Safer-bin\master_preferences" --create-shortcuts=0 --install-level=14⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=107.0.19254.108 --initial-client-data=0x270,0x274,0x278,0x250,0x27c,0x7ff6519c9300,0x7ff6519c9310,0x7ff6519c93205⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 taskbarpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"5⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"5⤵
- Executes dropped EXE
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --system-level --make-chrome-default-helper --user-data-dir="C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --module-dir="C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp" "AVG Secure Browser"4⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{1407C0BF-97EA-4E14-9B49-FE749E06E1F7}\CR_EDB24.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=107.0.19254.108 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6519c9300,0x7ff6519c9310,0x7ff6519c93205⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler64.exe"2⤵
- Executes dropped EXE
-
C:\Program Files\RAVAntivirus\rsWSC.exe"C:\Program Files\RAVAntivirus\rsWSC.exe"1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
-
C:\Program Files\RAVAntivirus\rsClientSvc.exe"C:\Program Files\RAVAntivirus\rsClientSvc.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\RAVAntivirus\rsEngineSvc.exe"C:\Program Files\RAVAntivirus\rsEngineSvc.exe"1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
\??\c:\program files\ravantivirus\rsHelper.exe"c:\program files\ravantivirus\rsHelper.exe"2⤵
- Executes dropped EXE
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --minimized --first-run2⤵
- Executes dropped EXE
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:23⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --mojo-platform-channel-handle=2516 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:83⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="c:\program files\ravantivirus\ui\resources\app.asar" --enable-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2724 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="c:\program files\ravantivirus\ui\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3792 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="c:\program files\ravantivirus\ui\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=4056 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --standard-schemes=mc --secure-schemes=mc --bypasscsp-schemes --cors-schemes --fetch-schemes --service-worker-schemes --streaming-schemes --app-path="c:\program files\ravantivirus\ui\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=4284 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\ravantivirus\ui\RAVAntivirus.exe"c:\program files\ravantivirus\ui\RAVAntivirus.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\rav-antivirus-client" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3620 --field-trial-handle=2256,i,9272288059272479224,17704475002630569010,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:23⤵
-
C:\program files\ravantivirus\rsLitmus.A.exe"C:\program files\ravantivirus\rsLitmus.A.exe"2⤵
-
C:\Program Files\Hola\app\net_updater64.exe"C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.browser.hola.org1⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe2⤵
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --service1⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_ts2⤵
- Modifies registry key
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_appid2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v install_campaign2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v uuid2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v after_update2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v after_update /t REG_SZ /d 1 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v ui_last_premium2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_ts2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v agree_sent2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v agree_sent /t REG_SZ /d 1 /f2⤵
- Modifies registry key
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v svc_start_history2⤵
- Modifies registry key
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe ADD HKLM\Software\Hola /v svc_start_history /t REG_SZ /d 1669569661242 /f2⤵
- Modifies registry key
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_free2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_free3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_pro_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_pro_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_agreed_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_agreed_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_auto_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_auto_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_com_hvpnmobile2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_com_hvpnmobile3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_play2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_play3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_huawei2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_huawei3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_samsung2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_samsung3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_amazon2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_amazon3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_prem2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_prem3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_hola2e2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_hola2e3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_browser_updater2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_browser_updater3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_mac_hola_svc_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_mac_hola_svc_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_org_hola_vpn2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_org_hola_vpn3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ios_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ios_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_and_vpn_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_and_vpn_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_browser_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_browser_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2ous_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2ous_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2o_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2o_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2ous_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2ous_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_h2o_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_h2o_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_svc_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_svc_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_off_abtest_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_off_abtest_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_on_abtest_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_on_abtest_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_auto_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_auto_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_sdk_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_sdk_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_email_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_email_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_banner_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_banner_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_noconsent_nopeer_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_noconsent_nopeer_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_vpn_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_vpn_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_opera_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_opera_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_firefox_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_firefox_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_agreed_noconsent_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_edge_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_edge_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org_ext2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org_ext3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org_p22⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org_p23⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_un_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_un_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_in_ext_hola_org2⤵
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_in_ext_hola_org3⤵
- Launches sc.exe
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_ext_hola_org2⤵
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_chrome_agreed_noconsent_hola_org2⤵
-
C:\Windows\system32\cmd.execmd /c sc query luminati_net_updater_win_hola_org2⤵
-
C:\Windows\system32\reg.exeC:\Windows\system32\reg.exe QUERY HKLM\Software\Hola /v lum_sdk_appid2⤵
- Modifies registry key
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
- Executes dropped EXE
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Program Files\Hola\app\hola_svc.exe"C:\Program Files\Hola\app\hola_svc.exe" --report-idle2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Windows\system32\rasdial.exerasdial2⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3524_409280029\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3524_409280029\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={607f0107-4840-4076-8cd0-343493bdc3f8} --system2⤵
-
C:\Program Files\RAVVPN\rsVPNClientSvc.exe"C:\Program Files\RAVVPN\rsVPNClientSvc.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\RAVVPN\rsVPNSvc.exe"C:\Program Files\RAVVPN\rsVPNSvc.exe"1⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --minimized --focused --first-run2⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\RAVVPN" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 --field-trial-handle=2288,i,775997511030436803,9167895234927203990,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:23⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\RAVVPN" --mojo-platform-channel-handle=2536 --field-trial-handle=2288,i,775997511030436803,9167895234927203990,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:83⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RAVVPN" --app-path="c:\program files\RAVVPN\ui\resources\app.asar" --enable-sandbox --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2756 --field-trial-handle=2288,i,775997511030436803,9167895234927203990,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\RAVVPN" --app-path="c:\program files\RAVVPN\ui\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3760 --field-trial-handle=2288,i,775997511030436803,9167895234927203990,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
-
\??\c:\program files\RAVVPN\ui\RAVVPN.exe"c:\program files\RAVVPN\ui\RAVVPN.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\RAVVPN" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4088 --field-trial-handle=2288,i,775997511030436803,9167895234927203990,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:23⤵
-
C:\Program Files\Hola\app\net_updater64.exe"C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.browser.hola.org1⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe2⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 13890 --screen2⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\temp\net_updater64.exe"C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\temp\net_updater64.exe" --install win_hola.browser.hola.org --remote2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Executes dropped EXE
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV11⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_ext_hola_org1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_chrome_agreed_noconsent_hola_org1⤵
- Launches sc.exe
-
C:\Windows\system32\sc.exesc query luminati_net_updater_win_hola_org1⤵
- Launches sc.exe
-
C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"C:\Users\Admin\Downloads\Hola-Browser-Agreed-Inst-C-Amb3.exe"1⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --no-default-browser-check --component-updater=fast-update --start-maximized --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile"2⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\Hola\chromium_profile\Crashpad --annotation=plat=Win32 "--annotation=prod=Hola Browser" --annotation=ver=103.0.5060.114 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x69b60498,0x69b604a8,0x69b604b43⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=408 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:23⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=2108 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=1848 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=2912 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3040 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=3048 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3184 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3924 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3884 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3016 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4728 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=es --service-sandbox-type=utility --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=4828 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5056 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5084 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5092 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5100 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5132 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5144 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5384 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5392 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=5408 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=5172 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=5176 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3640 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:23⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3060 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=5460 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6064 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6716 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=proxy_resolver.mojom.ProxyResolverFactory --lang=es --service-sandbox-type=service --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=6984 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=5924 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5896 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:23⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=es --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --mojo-platform-channel-handle=3044 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:83⤵
-
C:\Program Files\Hola\app\chromium\hola_cr.exe"C:\Program Files\Hola\app\chromium\hola_cr.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\Hola\chromium_profile" --extension-process --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=5996 --field-trial-handle=1924,i,16011403366777127017,2661755063564755309,131072 /prefetch:13⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 752 -ip 7521⤵
-
C:\Program Files\SaferWeb\rsDNSResolver.exe"C:\Program Files\SaferWeb\rsDNSResolver.exe"1⤵
-
C:\Program Files\Hola\app\net_updater64.exe"C:/Program Files/Hola/app/net_updater64.exe" --updater win_hola.browser.hola.org1⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\test_wpf.exe2⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 92924 --screen2⤵
-
C:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exeC:\ProgramData\BrightData\108a47921d08860d64656218998ab66204caf497\idle_report.exe --id 791852⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /c1⤵
- Checks computer location settings
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /cr2⤵
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler.exe"2⤵
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1207.2\AVGBrowserCrashHandler64.exe"2⤵
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ua /installsource scheduler1⤵
-
C:\Program Files\SaferWeb\rsDNSClientSvc.exe"C:\Program Files\SaferWeb\rsDNSClientSvc.exe"1⤵
-
C:\Program Files\SaferWeb\rsDNSSvc.exe"C:\Program Files\SaferWeb\rsDNSSvc.exe"1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
\??\pipe\crashpad_4996_IOTSMYYEXFIEJGYKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/752-309-0x0000000000000000-mapping.dmp
-
memory/1076-216-0x0000000000000000-mapping.dmp
-
memory/1152-318-0x0000000000000000-mapping.dmp
-
memory/1352-179-0x0000000000000000-mapping.dmp
-
memory/1376-253-0x0000000000000000-mapping.dmp
-
memory/1392-326-0x0000000000000000-mapping.dmp
-
memory/1416-136-0x0000000002F01000-0x0000000002F03000-memory.dmpFilesize
8KB
-
memory/1416-149-0x0000000004F71000-0x0000000004F73000-memory.dmpFilesize
8KB
-
memory/1416-147-0x0000000002251000-0x0000000002253000-memory.dmpFilesize
8KB
-
memory/1416-134-0x0000000000000000-mapping.dmp
-
memory/1428-224-0x0000000000000000-mapping.dmp
-
memory/1612-237-0x0000000000000000-mapping.dmp
-
memory/1708-186-0x0000000000000000-mapping.dmp
-
memory/1724-339-0x0000000000000000-mapping.dmp
-
memory/1788-204-0x0000000000000000-mapping.dmp
-
memory/2024-217-0x0000000000000000-mapping.dmp
-
memory/2056-263-0x00000215A3190000-0x00000215A33BA000-memory.dmpFilesize
2.2MB
-
memory/2056-254-0x0000000000000000-mapping.dmp
-
memory/2056-260-0x0000021587F20000-0x0000021587F7A000-memory.dmpFilesize
360KB
-
memory/2056-258-0x00000215A24F0000-0x00000215A2544000-memory.dmpFilesize
336KB
-
memory/2056-257-0x0000021588330000-0x0000021588356000-memory.dmpFilesize
152KB
-
memory/2056-256-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/2056-255-0x0000021587F20000-0x0000021587F7A000-memory.dmpFilesize
360KB
-
memory/2056-261-0x0000021589C70000-0x0000021589CA2000-memory.dmpFilesize
200KB
-
memory/2056-262-0x00000215A2B70000-0x00000215A3188000-memory.dmpFilesize
6.1MB
-
memory/2056-264-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/2268-133-0x0000000000000000-mapping.dmp
-
memory/2496-205-0x0000000000000000-mapping.dmp
-
memory/2588-178-0x0000000000000000-mapping.dmp
-
memory/2732-232-0x0000000000000000-mapping.dmp
-
memory/2760-227-0x0000000000000000-mapping.dmp
-
memory/2804-317-0x0000000000000000-mapping.dmp
-
memory/2844-236-0x0000000000000000-mapping.dmp
-
memory/3144-245-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3144-238-0x0000000000000000-mapping.dmp
-
memory/3144-242-0x00000146DEC10000-0x00000146DEC1A000-memory.dmpFilesize
40KB
-
memory/3144-240-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3144-239-0x00000146DE880000-0x00000146DE8AE000-memory.dmpFilesize
184KB
-
memory/3144-244-0x00000146F8D80000-0x00000146F8DBC000-memory.dmpFilesize
240KB
-
memory/3144-243-0x00000146E0540000-0x00000146E0552000-memory.dmpFilesize
72KB
-
memory/3144-241-0x00000146DE880000-0x00000146DE8AE000-memory.dmpFilesize
184KB
-
memory/3228-320-0x0000000000000000-mapping.dmp
-
memory/3400-135-0x0000000000000000-mapping.dmp
-
memory/3400-206-0x0000000000000000-mapping.dmp
-
memory/3408-315-0x0000000000000000-mapping.dmp
-
memory/3448-219-0x00007FFA90940000-0x00007FFA90950000-memory.dmpFilesize
64KB
-
memory/3448-218-0x0000000000000000-mapping.dmp
-
memory/3448-220-0x00007FFA90940000-0x00007FFA90950000-memory.dmpFilesize
64KB
-
memory/3500-274-0x0000000000000000-mapping.dmp
-
memory/3588-189-0x000001D5A9880000-0x000001D5A9902000-memory.dmpFilesize
520KB
-
memory/3588-215-0x000001D5C3FA0000-0x000001D5C3FBE000-memory.dmpFilesize
120KB
-
memory/3588-272-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3588-201-0x000001D5C3EC0000-0x000001D5C3ECE000-memory.dmpFilesize
56KB
-
memory/3588-200-0x000001D5C4050000-0x000001D5C4152000-memory.dmpFilesize
1.0MB
-
memory/3588-207-0x000001D5C3FC0000-0x000001D5C4000000-memory.dmpFilesize
256KB
-
memory/3588-208-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3588-188-0x0000000000000000-mapping.dmp
-
memory/3588-193-0x000001D5AB400000-0x000001D5AB40A000-memory.dmpFilesize
40KB
-
memory/3588-192-0x000001D5C3C20000-0x000001D5C3C4E000-memory.dmpFilesize
184KB
-
memory/3588-190-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3588-191-0x000001D5AB410000-0x000001D5AB440000-memory.dmpFilesize
192KB
-
memory/3588-214-0x000001D5C4680000-0x000001D5C46F6000-memory.dmpFilesize
472KB
-
memory/3588-194-0x000001D5C3E40000-0x000001D5C3E78000-memory.dmpFilesize
224KB
-
memory/3588-198-0x000001D5C3E80000-0x000001D5C3EAE000-memory.dmpFilesize
184KB
-
memory/3700-235-0x0000000000000000-mapping.dmp
-
memory/3776-350-0x0000000000000000-mapping.dmp
-
memory/3776-226-0x0000000000000000-mapping.dmp
-
memory/3812-211-0x0000000000000000-mapping.dmp
-
memory/3840-182-0x0000000000000000-mapping.dmp
-
memory/3840-183-0x000001E9CB2F0000-0x000001E9CB2F8000-memory.dmpFilesize
32KB
-
memory/3840-184-0x000001E9E5B00000-0x000001E9E6028000-memory.dmpFilesize
5.2MB
-
memory/3840-185-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3840-197-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/3852-328-0x0000000000000000-mapping.dmp
-
memory/3936-212-0x0000000000000000-mapping.dmp
-
memory/3956-230-0x0000000000000000-mapping.dmp
-
memory/4024-279-0x000001DACEC10000-0x000001DACEC76000-memory.dmpFilesize
408KB
-
memory/4024-273-0x000001DACE5A0000-0x000001DACE5CE000-memory.dmpFilesize
184KB
-
memory/4024-282-0x000001DACF320000-0x000001DACF38C000-memory.dmpFilesize
432KB
-
memory/4024-266-0x000001DAB5A60000-0x000001DAB5A84000-memory.dmpFilesize
144KB
-
memory/4024-280-0x000001DACEC80000-0x000001DACECBA000-memory.dmpFilesize
232KB
-
memory/4024-267-0x000001DACE320000-0x000001DACE352000-memory.dmpFilesize
200KB
-
memory/4024-284-0x000001DACF4D0000-0x000001DACF536000-memory.dmpFilesize
408KB
-
memory/4024-268-0x000001DACE470000-0x000001DACE4A2000-memory.dmpFilesize
200KB
-
memory/4024-269-0x000001DACE4B0000-0x000001DACE4E6000-memory.dmpFilesize
216KB
-
memory/4024-270-0x000001DACE530000-0x000001DACE568000-memory.dmpFilesize
224KB
-
memory/4024-271-0x000001DACE570000-0x000001DACE598000-memory.dmpFilesize
160KB
-
memory/4024-285-0x000001DACF7D0000-0x000001DACF80A000-memory.dmpFilesize
232KB
-
memory/4024-281-0x000001DACEBD0000-0x000001DACEBF6000-memory.dmpFilesize
152KB
-
memory/4024-265-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/4024-278-0x000001DACF540000-0x000001DACF7C6000-memory.dmpFilesize
2.5MB
-
memory/4024-277-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/4024-275-0x000001DACEB40000-0x000001DACEB9E000-memory.dmpFilesize
376KB
-
memory/4164-199-0x0000000000000000-mapping.dmp
-
memory/4260-247-0x0000000000000000-mapping.dmp
-
memory/4460-196-0x0000000000000000-mapping.dmp
-
memory/4500-233-0x0000000000000000-mapping.dmp
-
memory/4604-286-0x0000000000000000-mapping.dmp
-
memory/4760-246-0x0000000000000000-mapping.dmp
-
memory/4816-222-0x0000000000000000-mapping.dmp
-
memory/5108-202-0x0000000000000000-mapping.dmp
-
memory/5132-354-0x0000000000000000-mapping.dmp
-
memory/5160-195-0x0000000000000000-mapping.dmp
-
memory/5208-228-0x0000000000000000-mapping.dmp
-
memory/5228-173-0x0000000000400000-0x00000000004ED000-memory.dmpFilesize
948KB
-
memory/5228-169-0x0000000000400000-0x00000000004ED000-memory.dmpFilesize
948KB
-
memory/5228-168-0x0000000000000000-mapping.dmp
-
memory/5228-171-0x0000000000400000-0x00000000004ED000-memory.dmpFilesize
948KB
-
memory/5264-210-0x0000000000000000-mapping.dmp
-
memory/5296-283-0x00007FFA5E920000-0x00007FFA5F356000-memory.dmpFilesize
10.2MB
-
memory/5296-276-0x0000000000000000-mapping.dmp
-
memory/5320-234-0x0000000000000000-mapping.dmp
-
memory/5344-225-0x00007FFA90940000-0x00007FFA90950000-memory.dmpFilesize
64KB
-
memory/5344-221-0x0000000000000000-mapping.dmp
-
memory/5380-209-0x0000000000000000-mapping.dmp
-
memory/5808-174-0x00000000068C0000-0x00000000068CF000-memory.dmpFilesize
60KB
-
memory/5808-172-0x0000000000000000-mapping.dmp
-
memory/5852-203-0x0000000000000000-mapping.dmp
-
memory/5872-231-0x0000000000000000-mapping.dmp
-
memory/5884-187-0x0000000000000000-mapping.dmp
-
memory/5944-213-0x0000000000000000-mapping.dmp
-
memory/5968-352-0x0000000000000000-mapping.dmp
-
memory/6020-176-0x00000000023E1000-0x00000000023E5000-memory.dmpFilesize
16KB
-
memory/6020-175-0x0000000000000000-mapping.dmp
-
memory/6020-181-0x0000000006371000-0x0000000006375000-memory.dmpFilesize
16KB
-
memory/6032-166-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-162-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-156-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-151-0x0000000000E90000-0x0000000000EF5000-memory.dmpFilesize
404KB
-
memory/6032-167-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-165-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-161-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-159-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-158-0x0000000000400000-0x0000000000D6D000-memory.dmpFilesize
9.4MB
-
memory/6032-157-0x0000000000E91000-0x0000000000EC6000-memory.dmpFilesize
212KB
-
memory/6032-148-0x0000000000000000-mapping.dmp
-
memory/6052-229-0x0000000000000000-mapping.dmp
-
memory/6064-177-0x0000000000000000-mapping.dmp
-
memory/6096-250-0x00000188FE080000-0x00000188FE1FC000-memory.dmpFilesize
1.5MB
-
memory/6096-248-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/6096-249-0x00000188FDD10000-0x00000188FE076000-memory.dmpFilesize
3.4MB
-
memory/6096-252-0x00000188E5190000-0x00000188E51B2000-memory.dmpFilesize
136KB
-
memory/6096-251-0x00000188E5130000-0x00000188E514A000-memory.dmpFilesize
104KB
-
memory/6096-259-0x00007FFA71570000-0x00007FFA72031000-memory.dmpFilesize
10.8MB
-
memory/7160-380-0x00007FFA5EAB0000-0x00007FFA5F4E6000-memory.dmpFilesize
10.2MB
-
memory/7844-553-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/8264-567-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/8696-549-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/8736-541-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/10016-547-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB