hxxps://www[.]mediafire[.]com/file/zyfjpuqb824twlt/TsunamiCCheat[.]rar/file

Analysis

max time kernel
134s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
01/08/2023, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/zyfjpuqb824twlt/TsunamiCCheat.rar/file

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
6704	winrar-x64-622.exe
7028	winrar-x64-622.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
5212	chrome.exe
5212	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe
Token: SeShutdownPrivilege	2712	chrome.exe
Token: SeCreatePagefilePrivilege	2712	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe
2712	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
6704	winrar-x64-622.exe
6704	winrar-x64-622.exe
6704	winrar-x64-622.exe
7028	winrar-x64-622.exe
7028	winrar-x64-622.exe
7028	winrar-x64-622.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2712 wrote to memory of 2224	2712	chrome.exe	84
PID 2712 wrote to memory of 2224	2712	chrome.exe	84
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 4372	2712	chrome.exe	89
PID 2712 wrote to memory of 2816	2712	chrome.exe	86
PID 2712 wrote to memory of 2816	2712	chrome.exe	86
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87
PID 2712 wrote to memory of 732	2712	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/zyfjpuqb824twlt/TsunamiCCheat.rar/file
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2c219758,0x7ffb2c219768,0x7ffb2c219778
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:2
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5116 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5508 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5068 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4948 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3084 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5836 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6276 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6396 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6436 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6740 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=7040 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7064 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7272 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7460 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6580 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7808 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7432 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=8248 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=8400 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8372 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8732 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8712 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7592 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=9256 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=9448 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=9600 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7752 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8900 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6920 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8940 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1848 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7624 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8376 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6624
- C:\Users\Admin\Downloads\winrar-x64-622.exe
  "C:\Users\Admin\Downloads\winrar-x64-622.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=908 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9060 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9320 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6872 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7808 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=7864 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8032 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8064 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6960 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8920 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7980 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9308 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9492 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=9344 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=8840 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=6436 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7604 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Users\Admin\Downloads\winrar-x64-622.exe
  "C:\Users\Admin\Downloads\winrar-x64-622.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7268 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7360 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9188 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:6664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=9912 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10044 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=10152 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9492 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=9488 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=9864 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7288 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9900 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10212 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=8924 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7136 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9828 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9936 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=2260 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=884 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=8944 --field-trial-handle=1988,i,15886931550513330439,7457223766834968978,131072 /prefetch:1
  2⤵
  PID:6152

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3160

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cba0d00032e34b6299f3ac17e19980f9 /t 6124 /p 6704
1⤵
PID:4808

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ea5448ac4e4b4c5ab5e441c8b8f30c4f /t 5384 /p 7028
1⤵
PID:6688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
06beb2b179ed8d7eb726106b134ac0a1

SHA1
3d846505e0eea78a861bb4401dba44e00baa96cc

SHA256
6c5c7555020fef6e7483274ca86461be0e2683744e8bd41e6b5f65af76e89ea6

SHA512
5bbe6a5b2659561dfdbda7261f9fa993fab1b84a4dab8b074178f8cbd1107cdd1955a72a7157b5c088a0e6f9b7a65751b895d71554386c11a17249ca3064c810

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
54KB

MD5
19856c0bc88c8b0fddbd9fadb5b2d63a

SHA1
6d48401c593e53200ac03a0f36409a1e66c4feff

SHA256
e7b9666f876a2db4da6693852fd59014dbed1f4e194a11d08b41f7de532c4068

SHA512
6a3b66403344d8375af1fad5ac7e7c121dbf789da7fa8ca45137ec62e30e3c6a16848c2b00f3f36a22e98d71a89be3ff45bcbf47829a623466c4e64493d120a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
034adafc4231e4d6cb9c4e7c3c493163

SHA1
b9a33d2f2711f6362761aa635e499f428fabca3b

SHA256
f4d037d5194ce83d7a9a2d020b4988e8b591c46568d2cfc33c12a8fb1ec4a0b7

SHA512
ea6a6046e454f7fa775d9867838b0a43a2b06327b044a833a83037fc9acee3138f740f681c8977e56927ed0e35bf1c4d4e9e7fe9db0303d9914eccb2d37dacb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
1aeb13a3562930d66e155524c0a9496e

SHA1
997392640d7a859adb24874ad989bf88c5ac4e6b

SHA256
70d2ae3d77086fb19ef89c8f1ed3762928d4683d4638b400ba90c4de5c151593

SHA512
39d7e4cfaf63bb5a1741435c182ee129f8e7819b0139b012a84b0193dc2b20889a5ac7be9a1aecedcb1e963fd25347dbd8a281c3c89fd369863ec9ec50d587e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
fd739e5f900e181b0ff4d9969a483f88

SHA1
03e87637e61cabbb4862d8a952ca09109dfb1a85

SHA256
05b54145552edf76534afc6bf1ec0a8dbe91f21ed741b208a533c8cae8d138ad

SHA512
b87afed3fe17db58a668958209b1b3ae93b836ee7459352c2adabb9efa8bcaee67a4680b3214d2c5b9228d665cecbc6329233dc3a254e8dadeea2550de9bd3d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f5d5707c22f0dd01c3a44a01744b424b

SHA1
3b3439102de6e5c472fc5419c7e60ec18db88bc3

SHA256
61e76f0e3887caed8aed5dbafc3597013e2e0b43e98e6be126214fe1dca8d06f

SHA512
de39ac85b265c9c4b7c380d4d966616f39808ceb563097fb742e95d365ab2b1cde459b1e8a7a529c2922cef37669e7bb8f6bc52d78463aeee1530dcdfa808c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1aef93eaa257895b8310c8f7735572bf

SHA1
875717ef4e20c6d6fd02672ff43c5fa9cf28b332

SHA256
f790a3694c0816582eb75fc6a63090f7143df27b9402259d197a0e94f6adf585

SHA512
9c79a67eb0a0ce55f9deb52bd98b263adeb2450eaf8bc423699df5a84dfda7f95044e7544d91030191d89bd9f1a86f50839253c6eae838ba6ce15fbf94c152df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
341e5be75b83c95496d9c1f70d9104e8

SHA1
5258738232aa10632636ed87eba517c3f09b0440

SHA256
bb7b65d405e8de239db09180f428f34aff3992bcf839e43d13d4c8f1d2debece

SHA512
5278d784cf50536d6464c3eb52a11eddb528c842d457f4dfe7fc20de5a2de74403f21c06355696e59d637b48f6f1f6ed49dff3586b961dff8e28cddbfb75db71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
58c5da36eb19f43dff6c98cc587c7398

SHA1
ef8b35cd9210e41c86d8426fdf8da865d05a29f1

SHA256
bafbb3916adfad7a4caf75f25ffa1ce1439eda2938edfc102b3afcd8129f1a3e

SHA512
837afd76612b533c3ef594e7b3e20c491bf43b301e963af43f2851fd319c29e5fa3a2b3d05117c50db41ae887088ce6a12376348cb8474b2ed1f420a57bcdeb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
54e59c8ef504dbb7d7477e15ff2f31a7

SHA1
32dddbbfc31c3be04f4052c6af0382f0e5123eb4

SHA256
ce483ce0846e483dd966532625e110fa07a07788827fdcc61d707f663690070c

SHA512
17331f0b41323198b36c9331dcb62ed95dd0876e5dcd9961893979acf261147d6cb2fee6e5c0f0db27b48f421cede4322970d7f1337eae671275bb664daa4d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
71a8e1a8b4fa42963812c353f95e082f

SHA1
97e9e6e0c9cfe983222b07303d8db8046fc6ba15

SHA256
1c4a54d01b95dd204c7890abfb974ae24b3336185960dc23ae0a9b0ccb9e516b

SHA512
b06b862988bec867b80fd7f36b5efeeb69506c546622c274cdad3877809ac1d7c4b2c514b6f316e32c036f2261fa847358ce4ececf3c09da975a097ae4226be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
16d52ed97be076dbc0d9d63b6cef119a

SHA1
c8b2ee7ebe151089ec1f7b1fc35c9297732ce0c7

SHA256
7d5cd886f4528151c546646507df45e4bbfd9f35f356125346f7fa5f31e58702

SHA512
1ec67f080218e50c550cd4d75d8bf2bb5bfa23c64a3e5d5ebc6f7369a9090870b0c1287346364e2ffea1bb6f0e58b527b55adca4b896e09bdd7d94564fee7f36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1dc685c7f20d3169ee72ecaa015ef721

SHA1
e56518e8de6e2e6b7ee7a94576acbdff2d2cc1bb

SHA256
714aec3226f8dcca66b1544379f97f9bf9ddae1a9fe269822eeed59d3ec281e2

SHA512
17e473db69871175b3d42a45628d60aa6b9e3ae26c393101e4daf9916acd40f906c3b6802a286100ebc1bbcd4cd3f8885414d37b3ba09c942fd32838fa28adbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2590931e9fcadcc0dbf26bb969c5aca7

SHA1
80cba3ee69fa8fa0a3f78be098815eed20c31bc7

SHA256
bd7fb1c4c58c78f062bb29182a5384287fa8354596e232cfeb76ad2fdd130e4c

SHA512
53cea257ad7c218c8360aa393f6ec704b107d88c44597d7d093bf4bf0a27c5131079d04cb3e51b71f2ad2ea1cfad6b1cde70a88b8bf7e3b44e14a7159ab7a033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
96bd155aed96a79a03f2517b562bf07d

SHA1
3c1d38b3e8ae8285343910134b8d3911259a87e2

SHA256
f19091afa20fdd48ff2be03b1158b7c22efe3e14d2ce0bbf8b895be0fd4deb5e

SHA512
9b9d6af4ef2dc05c220ed8c81697a0c8d4929276df5fc26e210f9907d421ba04e7b1a9d45c022d7dce3de590b6d6eff25ba8f76b1af3a2c776dcaceb1ae45108

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e7e08a810e088d7c4d9793d74dfe4dd4

SHA1
4cb5b6a1f948ef9f974f008cd6f2c07a73e34562

SHA256
0b996faf6efd0e4c9ea87ae76ec4cca12cb62470bdc893af6cf92bf54e3a595e

SHA512
0498327a0d96db033e4580829623e461d9d9ff0938046070736ef0d6e09339fdca3d33d48dee6cbdf4a3edbb68b8a971b42d67564c116d31160d38604cfede14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Search Logos\logo

Filesize
16KB

MD5
b901a182020d9f5d94c2fbb425a98702

SHA1
8a13a0c1ffbbb2479e3506d9075f652a042cb9ae

SHA256
ede0a039ef3ad15a3145a8fdbc02a64812d38d1b50265822088aea0e0849ec4a

SHA512
c42a125894f0ac96f9bdcb31b8bf42fd7e7178cdf5ceb86171aacb04c36ec2f277633634abde5134edde4ae3c762b3d4d0b952a78ca233ee1ee19605fa3fc5a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
cd6f232bbb420105752c860fd829b682

SHA1
0d1278d6f4af7dc90d47c4a9ca45f47ed382ed8c

SHA256
739cce532336cb5192f4afff9ade5a1fefd9678f580388c30838d450d668acb1

SHA512
878bae2ed09a050f3b07ba857e6a5eeba2af6a632df155a53fe4acd8a55d309c9babb7136627e6b05946b9dda279c4b7c414875d168aee0fe52c5b0b57c4d5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
eb79c26da4f6a13c016739ef2376646a

SHA1
fb8671a0072bcababc79176d2a7c4e703022a9f1

SHA256
273c48e48df75e379cb0dd65bac61823152e426cb20803193cbcbb9c365bedf9

SHA512
3076ec6added046040be978d10c56491dac27de8699ac341727f598f930a226fb60797315f4ddcb3dcbb681207a48e9a6e88b751b560f146d823f62d9fcf8401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d76bbb47827d5f2a6c487a96f50aec3e

SHA1
2a594c9e694faa715c816239aa349133544de1af

SHA256
53242301527fe28352398da219bb868fbfef7817a941b433550680a67307b0db

SHA512
0cffcdce8a4307b1e7bb9796fe9b759639e17b2df4b9127f3ef7dd26fb20d36660f97dc58533daf65137e518f6d72aeafc7616ed088a74a52f8f3c8a9c6beafe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
e5a2c0404a41e95904e6a0f481726e23

SHA1
eb8dd9baded07a5dd3139ff43c6d2e064f1b38f3

SHA256
a2380b220ae14accf88b5edfb5e0221eafc0cc63195e5d731936136c4ae76303

SHA512
2e7c5d044875e7267e0dac799fc01c6dc5167613c88703253b6a8dd6f16edb61100669f63c98886b425d81d89bc9349ff96eb5346f0cff7658deee1ca4cc7f00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
118KB

MD5
c04b2bab7085f1701f0bef477a4bae57

SHA1
c63a6654886ab3750a0c9b3d2ed6fd1c32ff27b8

SHA256
03f9e011ec5db80257a9c34680068d68aa72e66cc93b8eac3dfe22d237e264cb

SHA512
735c95adcd3a73fbb82b9536677c637b96b475711959f110125384dc16b5f85bdd2dea4ba04b7d80089eb35ef66f7f010f3f1f3d14501ba49f9b495e9c32782f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe585213.TMP

Filesize
111KB

MD5
bd37fdfb0252ecaec9deda35def8811c

SHA1
3065d3b18abd5897580e38b50bed7b5e4cb3a286

SHA256
7a16e444a93f0993739a40cba951591b56d1c64eb4a0dbe5d4da6f2efa4d278b

SHA512
8a464a93d9db32b38ae11fb43f5b1dd56a532bd9271ca6f1199f0ce4b2af05ce4e7b0f65fb13fed609f730e13dbe5243f54bc8a9432c2b3e7d01a2f22072228d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit
C:\Users\Admin\Downloads\winrar-x64-622.exe

Filesize
3.4MB

MD5
8a3faa499854ea7ff1a7ea5dbfdfccfb

SHA1
e0c4e5f7e08207319637c963c439e60735939dec

SHA256
e5e9f54a55ad4b936adaed4cca5b4d29bd6f308f1a0136a7e3c0f5fb234e7fff

SHA512
4c7474353dd64e1a1568b93e17be3f2f0eaf24b7d520339c033f46a517b0e048e88bda1b5d5bcfe62353930d8d76a7037ec6200882df8afc310322a5d5fceb25

Download Submit