Analysis Overview
SHA256
b8861b968bb930b800d7d51bd04355f7312144ee51d91c332ab36c7b845050dc
Threat Level: Known bad
The file Test.py was found to be: Known bad.
Malicious Activity Summary
Registers COM server for autorun
PlugX
PlugX Rat Payload
Suspicious use of NtCreateUserProcessOtherParentProcess
Downloads MZ/PE file
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Enumerates connected drives
Checks installed software on the system
Drops file in System32 directory
Drops file in Windows directory
Program crash
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Checks SCSI registry key(s)
Checks processor information in registry
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Modifies data under HKEY_USERS
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-03-30 11:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-03-22 18:16
Reported
2022-03-22 18:46
Platform
win7-20220310-en
Max time kernel
785s
Max time network
1703s
Command Line
Signatures
PlugX
PlugX Rat Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_Classes\Local Settings | C:\Windows\system32\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2932610838-281738825-1127631353-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache | C:\Windows\system32\rundll32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Test.py
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Test.py
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7004f50,0x7fef7004f60,0x7fef7004f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1048 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1272 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1688 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3044 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3364 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4020 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3668 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4048 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2416 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4552 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4544 /prefetch:8
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
"C:\Users\Admin\Downloads\python-3.10.3-amd64.exe"
C:\Windows\Temp\{BA8497CE-CEE1-4270-AA46-D3BBC962410D}\.cr\python-3.10.3-amd64.exe
"C:\Windows\Temp\{BA8497CE-CEE1-4270-AA46-D3BBC962410D}\.cr\python-3.10.3-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.10.3-amd64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1560 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1468 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4300 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4340 /prefetch:8
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=PY6f8CD6Lah1JWsOCC/Te1gKZTxisnqz+0MSqGbi --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x13f3c25a0,0x13f3c25b0,0x13f3c25c0
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2832_MSCUAIKTDPQSZZSZ" --sandboxed-process-id=2 --init-done-notifier=476 --sandbox-mojo-pipe-token=6258576873058767232 --mojo-platform-channel-handle=452 --engine=2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1540 /prefetch:8
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2832_MSCUAIKTDPQSZZSZ" --sandboxed-process-id=3 --init-done-notifier=640 --sandbox-mojo-pipe-token=6995603285757643253 --mojo-platform-channel-handle=636
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=780 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3348 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1708 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1028,1124451235975202647,6704869488444180036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3220 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.168.237:443 | accounts.google.com | tcp |
| NL | 142.250.179.174:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.142:443 | apis.google.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 138.197.63.241:80 | tcp | |
| US | 138.197.63.241:80 | python.org | tcp |
| US | 138.197.63.241:443 | python.org | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 151.101.36.223:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 142.251.39.99:80 | www.gstatic.com | tcp |
| NL | 142.250.179.131:443 | ssl.gstatic.com | tcp |
| NL | 151.101.36.223:443 | tcp | |
| NL | 151.101.36.223:443 | tcp | |
| NL | 151.101.36.223:443 | www.python.org | tcp |
| NL | 151.101.36.223:443 | tcp | |
| US | 188.114.97.0:443 | media.ethicalads.io | tcp |
| NL | 142.251.36.42:443 | ajax.googleapis.com | tcp |
| NL | 142.251.36.42:443 | udp | |
| NL | 142.250.179.200:443 | ssl.google-analytics.com | tcp |
| US | 138.197.63.241:443 | console.python.org | tcp |
| IE | 52.215.192.131:443 | tcp | |
| NL | 142.250.179.200:443 | udp | |
| US | 142.250.102.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.251.39.110:443 | sb-ssl.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.131:443 | beacons.gcp.gvt2.com | tcp |
| NL | 142.250.179.131:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.202:443 | safebrowsing.googleapis.com | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 35.241.29.71:443 | tcp | |
| US | 35.241.29.71:443 | udp | |
| US | 35.241.29.71:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.195:443 | b1.nel.goog | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| NL | 172.217.168.195:443 | udp | |
| NL | 172.217.168.195:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| NL | 172.217.168.195:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.195:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp |
Files
memory/1452-54-0x000007FEFC121000-0x000007FEFC123000-memory.dmp
\??\pipe\crashpad_1944_SCETNNUYBFPSMIND
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3036-82-0x0000000075A31000-0x0000000075A33000-memory.dmp
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
| MD5 | 9ea305690dbfd424a632b6a659347c1e |
| SHA1 | ebe0abda063d772ff812a2f07e7acccf52d7cd6b |
| SHA256 | 48aea4b9f6315a6544f82480b2caf1e29fd6687abb5b756930ad98a1e9b9a847 |
| SHA512 | 7bbacee4fbe785597116edc93daf8ddbf52ccf6fb4806f90be8675149407b7853ca90315f79f8ef54aac7377666055611efb8a425f61ff2fce6af611d4a806b5 |
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
| MD5 | 9ea305690dbfd424a632b6a659347c1e |
| SHA1 | ebe0abda063d772ff812a2f07e7acccf52d7cd6b |
| SHA256 | 48aea4b9f6315a6544f82480b2caf1e29fd6687abb5b756930ad98a1e9b9a847 |
| SHA512 | 7bbacee4fbe785597116edc93daf8ddbf52ccf6fb4806f90be8675149407b7853ca90315f79f8ef54aac7377666055611efb8a425f61ff2fce6af611d4a806b5 |
\Windows\Temp\{BA8497CE-CEE1-4270-AA46-D3BBC962410D}\.cr\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
C:\Windows\Temp\{BA8497CE-CEE1-4270-AA46-D3BBC962410D}\.cr\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
C:\Windows\Temp\{BA8497CE-CEE1-4270-AA46-D3BBC962410D}\.cr\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
\Windows\Temp\{7592AE88-3589-4DD4-8D62-06ACAB317811}\.ba\PythonBA.dll
| MD5 | f0de7f1a8fcc825d5d32cf804e44a0dc |
| SHA1 | 35bdc53a3782e3f820c2ebd715009fb6a328cc3b |
| SHA256 | e9f560f381826f2ada40d1e9d422601b4e35fe293940be29e631be11e1c34c7a |
| SHA512 | dcb83fa0734614232ca0ff8c1cefadaf4902a0c945f793675afb7b08d0e594f71dfc643bbbd0c37c569be1cee7437b5b6aabe8859190654b2d99d61a2d446c7b |
memory/2172-89-0x00000000747D1000-0x00000000747D3000-memory.dmp
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | 3dcd45838971b3e51d01e62c09d36e08 |
| SHA1 | 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a |
| SHA256 | d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81 |
| SHA512 | 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | 3dcd45838971b3e51d01e62c09d36e08 |
| SHA1 | 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a |
| SHA256 | d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81 |
| SHA512 | 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | 3dcd45838971b3e51d01e62c09d36e08 |
| SHA1 | 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a |
| SHA256 | d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81 |
| SHA512 | 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa |
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
| MD5 | 43ffbf78d39650b194f764033825ae45 |
| SHA1 | 5ed5e03facddabab65cbf51f38edbc94eb298339 |
| SHA256 | ac0990b139498ed325989214e4ed3fc9394fdf7546c7d81c84e77093e64cdce3 |
| SHA512 | b41b78602c5cf2571a965465f5a8ccb37f1033f9a323bc28a81fb90c4ad516ad30670f517ef0df03d55e42499c791e3a7622587426e6aa4ba7605d476e0625ac |
memory/2868-113-0x000000013F3C7000-0x000000013F3C8000-memory.dmp
memory/2868-111-0x000000013F3C7000-0x000000013F3C8000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe
| MD5 | 3dcd45838971b3e51d01e62c09d36e08 |
| SHA1 | 9884fc2f1ed03043d5a6aa5f59625b7a0cad4c2a |
| SHA256 | d7081c02c19718ed94ef3154ede0d045c50ba7d9e7653b7b5c589ac1a0b36f81 |
| SHA512 | 6e2b5e3b75bd872bd01c6b8feaea76aea733f75320e4b88877ef1aae061d37ac0de82943502c2c575f67dcd77961bba506d5f16489bd33b8aa621e472fe648fa |
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
| MD5 | 43ffbf78d39650b194f764033825ae45 |
| SHA1 | 5ed5e03facddabab65cbf51f38edbc94eb298339 |
| SHA256 | ac0990b139498ed325989214e4ed3fc9394fdf7546c7d81c84e77093e64cdce3 |
| SHA512 | b41b78602c5cf2571a965465f5a8ccb37f1033f9a323bc28a81fb90c4ad516ad30670f517ef0df03d55e42499c791e3a7622587426e6aa4ba7605d476e0625ac |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\edls_64.dll
| MD5 | e9a7c44d7bda10b5b7a132d46fcdaf35 |
| SHA1 | 5217179f094c45ba660777cfa25c7eb00b5c8202 |
| SHA256 | 35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1 |
| SHA512 | e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774 |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em001_64.dll
| MD5 | 7adcb76ec34d774d1435b477e8625c47 |
| SHA1 | ec4ba0ad028c45489608c6822f3cabb683a07064 |
| SHA256 | a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d |
| SHA512 | c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4 |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em000_64.dll
| MD5 | d0cf72186dbaea05c5a5bf6594225fc3 |
| SHA1 | 0e69efd78dc1124122dd8b752be92cb1cbc067a1 |
| SHA256 | 225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907 |
| SHA512 | 8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285 |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em002_64.dll
| MD5 | 5913dc18fc2a5dd49ba064655ac75c24 |
| SHA1 | d941ea7f6a7aa6c8b7dbc65fa37b6bf41dcd9069 |
| SHA256 | 090b958bd2806e2571198847fad60ba446282b783d2da44efe3a879d0507701f |
| SHA512 | d71edd1d2a5fa643f22fe0947c5910cf6b796845f6a782dd8503907babce49055175010296fbd890ff9ce0b3dd5df7ebfe7b8fb079c0ae4b7e562099d6e84197 |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em003_64.dll
| MD5 | ced50723c5ae960adfd3fc726b34cdb1 |
| SHA1 | 962a477d168b786b3d1a301793ab91e1a850f376 |
| SHA256 | 5a9dc132339862cc79f38c1b17db4c0fafa58eec396608ac1583784f1b3b6532 |
| SHA512 | ad70cac1f0a65362f4c2d1c221564c23fc2beecc9842aeb513a1448f2820d987e014af0557a30d50ae136d0bea83b8254ba871937576d3097fce567add578bee |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em004_64.dll
| MD5 | 6e1f355a54cf57047647beb9f5aca079 |
| SHA1 | 529f42911634143507f28d4ea0b6757d6f17af65 |
| SHA256 | 10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6 |
| SHA512 | 5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74 |
\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\em005_64.dll
| MD5 | 169a2ef320119891cf3189aa3fd23b0e |
| SHA1 | de51c936101ef79bbc0f1d3c800cf832d221eef8 |
| SHA256 | 1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780 |
| SHA512 | 7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca |
memory/568-143-0x000000013F3C7000-0x000000013F3C8000-memory.dmp
memory/568-141-0x000000013F3C7000-0x000000013F3C8000-memory.dmp
memory/2868-145-0x0000000000520000-0x0000000000560000-memory.dmp
memory/2868-146-0x0000000000560000-0x00000000005A0000-memory.dmp
memory/2868-147-0x0000000000520000-0x0000000000560000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-03-22 18:16
Reported
2022-03-22 18:46
Platform
win10v2004-20220310-en
Max time kernel
1801s
Max time network
1775s
Command Line
Signatures
Registers COM server for autorun
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4480 created 2348 | N/A | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | C:\Windows\system32\sihost.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\python-3.10.3-amd64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| N/A | N/A | C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.be\python-3.10.3-amd64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe | N/A |
| N/A | N/A | C:\Windows\py.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe | N/A |
| N/A | N/A | C:\Windows\py.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe | N/A |
| N/A | N/A | C:\Windows\py.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{a5de448a-5723-4bc4-a20d-26f83f96e00f} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{a5de448a-5723-4bc4-a20d-26f83f96e00f}\\python-3.10.3-amd64.exe\" /burn.runonce" | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{8261D867-F3AD-4ADA-81F3-4A2A09E48C1B}.catalogItem | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{800A6F77-FC1E-44FD-9E41-157DA8CA6F01}.catalogItem | C:\Windows\System32\svchost.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\1d04d0c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d10.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{0E222A50-70D1-440A-BC74-10158262BC44} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d25.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{90E2CFF3-9887-4445-8E43-FF6F323776A6}\ARPIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d29.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d05.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d05.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{48DDC543-0D8E-4367-A04E-405665C6070D} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI516A.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d09.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d1d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{47F4BC1B-055D-4B6A-87DC-686AD8E49837} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d14.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d15.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d20.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d24.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5544.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9ECE9691-5C18-47E7-BC38-3A78E32BA47B} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d18.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{F3D911AB-9754-4EF5-B3C4-1060BA8B4B16} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d08.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d1d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIAD7B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI5A08.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d19.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\pyshellext.amd64.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\pyw.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d28.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE73C.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d09.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d0d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d11.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{90E2CFF3-9887-4445-8E43-FF6F323776A6}\ARPIcon | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{53DF49EB-7DDD-480C-8947-CCBD9E28F8E6} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d21.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIB972.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{90E2CFF3-9887-4445-8E43-FF6F323776A6} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d29.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d0d.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d1c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d25.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE6DD.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d11.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\1d04d15.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d19.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d2c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{198AE6B9-9F59-47C8-8147-65DEFBDA8AF4} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI6728.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2DA27E5B-F889-4FD1-B168-DECC92E8A1CB} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE43D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\rescache\_merged\1910676589\1186399007.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{3E14D489-CB72-4198-AC28-B1256B64A158} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\1d04d21.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI89D4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIA973.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\py.exe | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0004 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0058 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Mfg | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\ | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055 | C:\Windows\system32\svchost.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\System32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Windows\ImmersiveControlPanel\SystemSettings.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.ECApp_8wekyb3d8bbwe%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CallingShellApp_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoftWindows.Client.CBS_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.BioEnrollment_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.creddialoghost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CParentalControls_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CImmersiveControlPanel%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CloudExperienceHost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.LockApp_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.windows.narratorquickstart_8wekyb3d8bbwe%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.PeopleExperienceHost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.XboxGameCallableUI_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.FilePicker_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Win32WebViewHost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.ContentDeliveryManager_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.XGpuEjectDialog_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AccountsControl_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppRep.ChxApp_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CWindows.CBSPreview_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.AppResolverUX_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CPrintDialog%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.FileExplorer_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AsyncTextService_8wekyb3d8bbwe%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.Search_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CShellExperienceHost_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AAD.BrokerPlugin_cw5n1h2txyewy%5Cresources.pri | C:\Windows\system32\compattelrunner.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.CompiledFile\shell | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DomStorageState | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\CE0A86B13DD4431548E03758B480361F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1044" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2864" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{2DA27E5B-F889-4FD1-B168-DECC92E8A1CB} | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.File\shellex | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.NoConArchiveFile\shell | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1077" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pyzw | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{BEA218D2-6950-497B-9434-61683EC065FE} | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFC2E0978895444E834FFF62373676A\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1077" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1077" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.ArchiveFile | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{0E222A50-70D1-440A-BC74-10158262BC44} | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Python.CompiledFile | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{198AE6B9-9F59-47C8-8147-65DEFBDA8AF4}\DisplayName = "Python 3.10.3 Executables (64-bit)" | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{2DA27E5B-F889-4FD1-B168-DECC92E8A1CB}\Version = "3.10.3150.0" | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "8844" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\CPython-3.10\Version = "3.10.3150.0" | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Python.File\Shell\editwithidle\MUIVerb = "&Edit with IDLE" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Python.NoConFile | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\.pyc | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pyo\ = "Python.CompiledFile" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "2864" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4685" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "3810" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Python.ArchiveFile\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.CompiledFile\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1077" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFC2E0978895444E834FFF62373676A\ProductIcon = "C:\\Windows\\Installer\\{90E2CFF3-9887-4445-8E43-FF6F323776A6}\\ARPIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1077" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{198AE6B9-9F59-47C8-8147-65DEFBDA8AF4}\Version = "3.10.3150.0" | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.NoConFile\shell\open\command | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Python.NoConArchiveFile\DefaultIcon | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1044" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pyw\Content Type = "text/x-python" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\.pyd\ = "Python.Extension" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Python.NoConArchiveFile\shellex\DropHandler | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9052" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Installer\Dependencies\{47F4BC1B-055D-4B6A-87DC-686AD8E49837}\Dependents | C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFC2E0978895444E834FFF62373676A\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "2864" | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Python.ArchiveFile\shell\open | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2403053463-4052593947-3703345493-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.search_cw5n1h2txyewy\Internet Explorer\DOMStorage | C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3FFC2E0978895444E834FFF62373676A\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Test.py
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa39544f50,0x7ffa39544f60,0x7ffa39544f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffa39544f50,0x7ffa39544f60,0x7ffa39544f70
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1584,13836367056779738415,9383613397410331532,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1596 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1928 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1584,13836367056779738415,9383613397410331532,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1988 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4440 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4568 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4696 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4540 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5716 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5844 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3956 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3816 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DateAndTime
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:8
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3648 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2948 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3588 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3392 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2236 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2892 /prefetch:8
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
"C:\Users\Admin\Downloads\python-3.10.3-amd64.exe"
C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe
"C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.10.3-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=556
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3792 /prefetch:8
C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.be\python-3.10.3-amd64.exe
"C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.be\python-3.10.3-amd64.exe" -q -burn.elevated BurnPipe.{619E3FCF-C815-4299-90E6-4BB280DF627E} {316237C3-4E03-4045-A125-E42FAA1DC8B5} 2000
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4772 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2612 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4712 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:8
C:\Windows\system32\compattelrunner.exe
C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding BA3D189CC71E7CB14AEE6776143767EA
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe
"C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe" -E -s -m ensurepip -U --default-pip
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe -W ignore::DeprecationWarning -c " import runpy import sys sys.path = ['C:\\Users\\Admin\\AppData\\Local\\Temp\\tmps34xqc6m\\setuptools-58.1.0-py3-none-any.whl', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmps34xqc6m\\pip-22.0.4-py3-none-any.whl'] + sys.path sys.argv[1:] = ['install', '--no-cache-dir', '--no-index', '--find-links', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmps34xqc6m', '--upgrade', 'setuptools', 'pip'] runpy.run_module(\"pip\", run_name=\"__main__\", alter_sys=True) "
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6476 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe
"C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe" -c "import winreg; winreg.SetValueEx(winreg.CreateKey(winreg.HKEY_LOCAL_MACHINE, r'SYSTEM\CurrentControlSet\Control\FileSystem'), 'LongPathsEnabled', None, winreg.REG_DWORD, 1)"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8372 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4520 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8860 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8832 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10388 /prefetch:1
C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\48c6381d929b429998853e362bd8f31b /t 3580 /p 3540
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 184 -p 5920 -ip 5920
C:\Windows\py.exe
"C:\Windows\py.exe" "C:\Users\Admin\Downloads\Test.py"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5920 -s 4048
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe "C:\Users\Admin\Downloads\Test.py"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6640 /prefetch:8
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 516 -p 3152 -ip 3152
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3152 -s 3948
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\py.exe
"C:\Windows\py.exe" "C:\Users\Admin\Downloads\Test.py"
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe "C:\Users\Admin\Downloads\Test.py"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 5536 -ip 5536
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5536 -s 2632
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 480 -p 2856 -ip 2856
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2856 -s 3924
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 5380 -ip 5380
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5380 -s 4020
C:\Windows\py.exe
"C:\Windows\py.exe" "C:\Users\Admin\Downloads\Test.py"
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe
C:\Users\Admin\AppData\Local\Programs\Python\Python310\python.exe "C:\Users\Admin\Downloads\Test.py"
C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe
"C:\Users\Admin\AppData\Local\Programs\Python\Python310\pythonw.exe" -m idlelib "C:\Users\Admin\Downloads\Test.py"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 524 -p 3992 -ip 3992
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3992 -s 4400
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 528 -p 3880 -ip 3880
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3880 -s 4120
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 580 -p 3508 -ip 3508
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3508 -s 4128
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 5352 -ip 5352
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5352 -s 4176
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 5692 -ip 5692
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5692 -s 3928
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 472 -p 6008 -ip 6008
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 6008 -s 3992
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault65b84859hbe51h433eha76ah2045dfd3f8a2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa3f0446f8,0x7ffa3f044708,0x7ffa3f044718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5473358884075486545,17958046945897949375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5473358884075486545,17958046945897949375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5473358884075486545,17958046945897949375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=11656 /prefetch:8
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0dd2b27e120c4154a4fc43c624b6f5b8 /t 3760 /p 3860
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4692 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=976 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5476 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4864 /prefetch:8
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,7666855044337270177,2660865203344038143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5452 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | licensing.mp.microsoft.com | udp |
| US | 20.96.63.25:443 | licensing.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | storesdk.dsx.mp.microsoft.com | udp |
| NL | 104.80.225.205:443 | storesdk.dsx.mp.microsoft.com | tcp |
| US | 20.96.63.25:443 | licensing.mp.microsoft.com | tcp |
| US | 20.96.63.25:443 | licensing.mp.microsoft.com | tcp |
| US | 20.96.63.25:443 | licensing.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.msn.com | udp |
| US | 204.79.197.203:443 | api.msn.com | tcp |
| US | 8.238.20.254:80 | tcp | |
| US | 8.238.20.254:80 | tcp | |
| US | 8.238.20.254:80 | tcp | |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 172.217.168.237:443 | accounts.google.com | udp |
| NL | 142.250.179.174:443 | clients2.google.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 142.250.179.142:443 | apis.google.com | tcp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 138.197.63.241:80 | python.org | tcp |
| US | 138.197.63.241:80 | tcp | |
| US | 138.197.63.241:443 | tcp | |
| NL | 142.251.39.99:80 | www.gstatic.com | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 138.197.63.241:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 138.197.63.241:443 | python.org | tcp |
| US | 138.197.63.241:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 151.101.36.223:443 | www.python.org | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 172.217.168.234:443 | ajax.googleapis.com | tcp |
| US | 188.114.96.0:443 | media.ethicalads.io | tcp |
| NL | 172.217.168.234:443 | udp | |
| NL | 142.251.39.104:443 | tcp | |
| US | 138.197.63.241:443 | console.python.org | tcp |
| IE | 52.215.192.132:443 | tcp | |
| NL | 142.251.39.104:443 | udp | |
| US | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.251.39.110:443 | sb-ssl.google.com | tcp |
| NL | 142.251.39.110:443 | udp | |
| NL | 142.250.179.163:443 | udp | |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 67.199.248.11:80 | bit.ly | tcp |
| US | 67.199.248.11:80 | tcp | |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 13.107.21.200:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.222:443 | fp.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 152.199.19.161:443 | fp-vp-nocache.azureedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 151.101.128.223:443 | pypi.org | tcp |
| US | 151.101.128.223:443 | tcp | |
| US | 151.101.2.91:443 | www.fastly-insights.com | tcp |
| US | 3.130.98.160:443 | tcp | |
| US | 3.130.98.160:443 | tcp | |
| US | 3.130.98.160:443 | tcp | |
| US | 3.130.98.160:443 | tcp | |
| US | 3.130.98.160:443 | tcp | |
| US | 3.130.98.160:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 151.101.66.91:443 | fastly-insights.com | tcp |
| NL | 151.101.38.91:443 | 65249bcc-5d0e-4ba8-a1e5-32b2a825e64e-pdata-v4.unique.k.fastly-insights.com | tcp |
| US | 151.101.130.91:443 | 65249bcc-5d0e-4ba8-a1e5-32b2a825e64e.eu.u.fastly-insights.com | tcp |
| IT | 151.101.242.91:443 | mxp-v4.pops.fastly-insights.com | tcp |
| DE | 151.101.14.91:443 | fra-v4.pops.fastly-insights.com | tcp |
| CO | 199.232.50.91:443 | bog-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| JP | 151.101.90.91:443 | itm-v4.pops.fastly-insights.com | tcp |
| NL | 151.101.38.91:443 | bare-v4.pops.fastly-insights.com | tcp |
| US | 151.101.114.91:443 | hhn-v4.pops.fastly-insights.com | tcp |
| GB | 199.232.58.91:443 | lon-v4.pops.fastly-insights.com | tcp |
| PH | 146.75.22.91:443 | mnl-v4.pops.fastly-insights.com | tcp |
| PH | 146.75.22.91:443 | tcp | |
| US | 151.101.2.67:443 | quic-v4.pops.fastly-insights.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 172.217.168.206:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.193:443 | clients2.googleusercontent.com | udp |
| US | 188.114.97.0:80 | tcp | |
| US | 188.114.97.0:80 | speedtest.org | tcp |
| US | 188.114.97.0:443 | speedtest.org | tcp |
| US | 104.16.18.94:443 | tcp | |
| US | 104.16.18.94:443 | tcp | |
| US | 52.216.10.93:443 | tcp | |
| NL | 52.222.137.28:443 | static.hotjar.com | tcp |
| US | 172.67.146.243:443 | www.speedcheckercdn.com | tcp |
| NL | 13.227.219.3:443 | script.hotjar.com | tcp |
| NL | 13.227.219.93:443 | vars.hotjar.com | tcp |
| NL | 216.58.208.98:443 | partner.googleadservices.com | tcp |
| US | 142.250.102.156:443 | udp | |
| NL | 142.251.39.97:443 | tpc.googlesyndication.com | tcp |
| NL | 142.251.39.97:443 | udp | |
| US | 52.216.10.93:443 | tcp | |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 151.101.194.219:443 | tcp | |
| US | 151.101.194.219:443 | tcp | |
| NL | 23.72.254.148:443 | zdstatic.speedtest.net | tcp |
| NL | 52.222.142.111:443 | c.amazon-adsystem.com | tcp |
| NL | 104.80.224.197:443 | tcp | |
| US | 151.101.2.219:443 | tcp | |
| NL | 184.29.194.19:443 | tcp | |
| NL | 52.222.142.111:443 | c.amazon-adsystem.com | tcp |
| NL | 216.58.208.98:443 | securepubads.g.doubleclick.net | tcp |
| NL | 216.58.208.98:443 | securepubads.g.doubleclick.net | tcp |
| FR | 46.105.202.126:443 | cdn.id5-sync.com | tcp |
| NL | 23.73.0.179:443 | cdn.static.zdbb.net | tcp |
| NL | 52.222.137.105:443 | sb.scorecardresearch.com | tcp |
| US | 3.210.49.210:443 | tcp | |
| NL | 216.58.208.98:443 | udp | |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| NL | 216.58.214.10:443 | content-autofill.googleapis.com | tcp |
| DE | 35.157.246.167:443 | tcp | |
| DE | 35.157.246.167:443 | tcp | |
| DE | 35.157.246.167:443 | c2shb.ssp.yahoo.com | tcp |
| DE | 35.157.246.167:443 | tcp | |
| DE | 35.157.246.167:443 | tcp | |
| IE | 79.125.2.154:443 | tcp | |
| NL | 23.0.250.243:443 | tcp | |
| NL | 213.19.162.61:443 | tcp | |
| NL | 213.19.162.61:443 | tcp | |
| NL | 213.19.162.61:443 | tcp | |
| NL | 213.19.162.61:443 | tcp | |
| NL | 213.19.162.61:443 | tcp | |
| NL | 185.64.189.112:443 | tcp | |
| DE | 37.252.172.38:443 | tcp | |
| DE | 37.252.172.38:443 | tcp | |
| US | 34.98.64.218:443 | tcp | |
| US | 34.228.209.86:443 | tcp | |
| NL | 142.251.39.110:443 | analytics.google.com | tcp |
| IE | 213.233.154.130:8080 | speedtest.vodafone.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| IE | 193.95.147.42:8080 | roadrunner.cwt.btireland.net.prod.hosts.ooklaserver.net | tcp |
| IE | 85.91.4.65:8080 | speedtest.magnet.ie.prod.hosts.ooklaserver.net | tcp |
| US | 34.228.209.86:443 | tcp | |
| IE | 80.233.113.44:8080 | speedtest.three.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 89.101.177.178:8080 | speedtest.iptel.co.prod.hosts.ooklaserver.net | tcp |
| IE | 83.71.124.105:8080 | ngaweb00.eircom.net.prod.hosts.ooklaserver.net | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.194.37.39:443 | tcp | |
| NL | 23.1.120.69:443 | tcp | |
| IE | 52.211.255.37:443 | tcp | |
| US | 151.101.2.133:443 | tcp | |
| NL | 104.80.225.228:443 | stags.bluekai.com | tcp |
| DE | 3.127.157.8:443 | tcp | |
| NL | 104.80.225.228:443 | stags.bluekai.com | tcp |
| IE | 52.17.188.72:443 | tcp | |
| NL | 52.222.137.100:443 | cdn-gl.imrworldwide.com | tcp |
| NL | 52.222.137.100:443 | cdn-gl.imrworldwide.com | tcp |
| IE | 52.30.46.140:443 | tcp | |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| NL | 142.250.179.193:443 | b5ae1b4dbcd77bd4000a19878a61112a.safeframe.googlesyndication.com | tcp |
| NL | 13.227.219.82:443 | dbzu21ke7qjbgmuzwavikeevvimf31647973271.nuid.imrworldwide.com | tcp |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| NL | 142.250.179.161:443 | tcp | |
| IE | 99.81.135.85:443 | tcp | |
| NL | 104.80.224.240:443 | tcp | |
| NL | 104.80.224.240:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 52.222.137.90:443 | static.adsafeprotected.com | tcp |
| US | 52.0.125.185:443 | tcp | |
| US | 52.0.125.185:443 | tcp | |
| US | 52.0.125.185:443 | tcp | |
| NL | 104.109.249.82:443 | sync.teads.tv | tcp |
| NL | 142.250.179.166:443 | s0.2mdn.net | tcp |
| NL | 142.250.179.166:443 | udp | |
| NL | 142.251.36.34:443 | googleads4.g.doubleclick.net | tcp |
| NL | 142.251.36.34:443 | udp | |
| NL | 23.2.211.147:443 | eus.rubiconproject.com | tcp |
| US | 151.101.1.108:443 | tcp | |
| NL | 142.251.39.110:443 | udp | |
| NL | 2.21.43.236:443 | tcp | |
| US | 13.107.246.52:443 | tcp | |
| US | 52.223.40.198:443 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 99.80.137.87:443 | tcp | |
| IE | 52.31.243.45:443 | tcp | |
| IE | 52.31.233.74:443 | tcp | |
| NL | 198.47.127.19:443 | tcp | |
| US | 69.169.86.38:443 | tcp | |
| NL | 185.33.221.89:443 | tcp | |
| DE | 18.185.12.233:443 | tcp | |
| US | 64.74.236.255:443 | tcp | |
| US | 52.200.181.105:443 | tcp | |
| IE | 52.212.34.180:443 | tcp | |
| US | 34.232.92.67:443 | tcp | |
| US | 193.122.128.135:443 | tcp | |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| US | 64.202.112.127:443 | tcp | |
| US | 69.169.85.7:443 | tcp | |
| IE | 63.35.139.163:443 | tcp | |
| CH | 185.29.132.241:443 | tcp | |
| US | 151.101.2.49:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 213.19.147.45:443 | tcp | |
| US | 198.148.27.140:443 | bh.contextweb.com | tcp |
| IE | 54.216.63.116:443 | tcp | |
| US | 67.202.105.23:443 | ssc-cms.33across.com | tcp |
| DE | 3.125.70.222:443 | tcp | |
| US | 67.202.105.32:443 | de.tynt.com | tcp |
| NL | 185.33.221.89:443 | tcp | |
| NL | 23.2.211.147:443 | secure-assets.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | tcp | |
| DE | 18.195.155.181:443 | tcp | |
| JP | 124.146.215.49:443 | tcp | |
| NL | 185.184.8.65:443 | creativecdn.com | tcp |
| DE | 18.195.155.181:443 | tcp | |
| FR | 185.86.139.104:443 | ssbsync.smartadserver.com | tcp |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| DE | 3.64.119.154:443 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| US | 67.202.105.24:443 | pixel.33across.com | tcp |
| DE | 51.89.9.254:443 | onetag-sys.com | tcp |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| NL | 104.80.228.240:443 | tcp | |
| DE | 18.195.155.181:443 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| US | 64.74.236.255:443 | tcp | |
| US | 209.54.177.54:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 64.202.112.127:443 | tcp | |
| IE | 18.203.96.202:443 | sync.crwdcntrl.net | tcp |
| US | 192.132.33.46:443 | tcp | |
| NL | 72.251.249.14:443 | ce.lijit.com | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| DE | 18.195.155.181:443 | tcp | |
| NL | 216.52.2.48:443 | ap.lijit.com | tcp |
| NL | 193.0.160.128:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 178.162.133.149:443 | sync.go.sonobi.com | tcp |
| US | 147.75.38.124:443 | prebid.a-mo.net | tcp |
| DE | 18.156.0.31:443 | ups.analytics.yahoo.com | tcp |
| US | 145.40.89.200:443 | tcp | |
| DE | 18.156.0.31:443 | ups.analytics.yahoo.com | tcp |
| IE | 80.93.16.26:8080 | speedtest.digiweb.ie.prod.hosts.ooklaserver.net | tcp |
| IE | 78.153.202.240:8080 | speedtest1.blacknight.ie.prod.hosts.ooklaserver.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| IE | 50.7.5.4:8080 | lg-dub.fdcservers.net | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| IE | 52.31.243.45:443 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| US | 54.159.218.116:443 | rtb.adentifi.com | tcp |
| NL | 169.50.137.182:443 | um.simpli.fi | tcp |
| NL | 104.80.224.240:443 | tcp | |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 169.50.137.182:443 | um.simpli.fi | tcp |
| US | 54.159.218.116:443 | rtb.adentifi.com | tcp |
| IE | 77.107.210.47:8080 | tcp | |
| DK | 37.157.4.23:443 | tcp | |
| NL | 142.250.179.162:443 | tcp | |
| DK | 37.157.4.23:443 | tcp | |
| DE | 37.252.172.38:443 | tcp | |
| FR | 141.94.170.77:443 | pixel.onaudience.com | tcp |
| NL | 142.250.179.162:443 | tcp | |
| DE | 91.228.74.226:443 | tcp | |
| NL | 46.228.164.11:443 | ad.turn.com | tcp |
| NL | 159.65.197.210:443 | match.adsby.bidtheatre.com | tcp |
| NL | 89.207.16.137:443 | tcp | |
| SE | 213.155.156.165:443 | d5p.de17a.com | tcp |
| NL | 142.250.179.162:443 | tcp | |
| NL | 178.250.2.151:443 | dis.criteo.com | tcp |
| DE | 85.114.159.118:443 | tcp | |
| IE | 52.31.243.45:443 | tcp | |
| DE | 23.88.75.189:443 | csync.loopme.me | tcp |
| GB | 185.64.190.80:443 | tcp | |
| US | 198.148.27.140:443 | bh.contextweb.com | tcp |
| NL | 142.250.179.162:443 | udp | |
| US | 96.46.186.59:443 | ads.betweendigital.com | tcp |
| NL | 198.47.127.20:443 | tcp | |
| NL | 198.47.127.20:443 | tcp | |
| NL | 185.64.189.110:443 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| IE | 77.107.210.47:8080 | tcp | |
| US | 8.8.8.8:53 | dns.google | udp |
| IE | 77.107.210.47:8080 | tcp | |
| FR | 141.94.170.77:443 | pixel.onaudience.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| FR | 185.86.137.110:443 | rtb-csync.smartadserver.com | tcp |
| FR | 185.86.137.110:443 | rtb-csync.smartadserver.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 23.222.19.168:443 | tags.bluekai.com | tcp |
| NL | 23.222.19.168:443 | tags.bluekai.com | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.251.39.110:443 | udp | |
| NL | 216.58.214.10:443 | udp | |
| US | 169.197.150.7:443 | match.deepintent.com | tcp |
| DE | 52.58.249.203:443 | tcp | |
| US | 38.27.122.101:443 | tcp | |
| DE | 37.252.172.38:443 | tcp | |
| NL | 23.0.250.243:443 | tcp | |
| DE | 35.157.246.167:443 | c2shb.ssp.yahoo.com | tcp |
| DE | 37.252.172.38:443 | tcp | |
| NL | 216.58.208.98:443 | udp | |
| US | 34.232.92.67:443 | tcp | |
| US | 35.227.208.19:443 | cr.frontend.weborama.fr | tcp |
| NL | 142.251.39.97:443 | udp | |
| DK | 37.157.2.239:443 | tcp | |
| US | 151.101.1.229:443 | cdn.jsdelivr.net | tcp |
| NL | 142.250.179.161:443 | udp | |
| NL | 216.58.208.98:443 | udp | |
| DK | 37.157.2.247:443 | tcp | |
| DE | 195.201.152.90:443 | tcp | |
| NL | 213.19.162.37:443 | tcp | |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| IE | 54.239.37.45:443 | tcp | |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 213.19.162.80:443 | pixel.rubiconproject.com | tcp |
| NL | 142.250.179.166:443 | udp | |
| NL | 172.217.168.234:443 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| DK | 37.157.2.247:443 | tcp | |
| US | 216.239.38.117:443 | beacons2.gvt2.com | tcp |
| US | 216.239.38.117:443 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 3.220.57.224:443 | api.ipify.org | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 104.23.99.190:443 | pastebin.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 3.220.57.224:443 | api.ipify.org | tcp |
| US | 104.23.99.190:443 | pastebin.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 3.220.57.224:443 | api.ipify.org | tcp |
| AU | 34.129.38.245:443 | e2c11.gcp.gvt2.com | tcp |
| US | 104.23.99.190:443 | pastebin.com | tcp |
| AU | 34.129.38.245:443 | tcp | |
| US | 162.159.128.233:443 | discord.com | tcp |
| NL | 172.217.168.227:443 | beacons.gvt2.com | tcp |
| NL | 172.217.168.227:443 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 23.0.87.20:443 | cxcs.microsoft.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 204.79.197.200:443 | www.bing.com | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 152.199.19.161:443 | fp-vs.azureedge.net | tcp |
| US | 13.107.6.254:443 | b-ring.msedge.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| IE | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| NL | 20.73.130.64:443 | smartscreen-prod.microsoft.com | tcp |
| NL | 20.73.130.64:443 | smartscreen-prod.microsoft.com | tcp |
| NL | 20.73.130.64:443 | smartscreen-prod.microsoft.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.147:443 | udp | |
| NL | 142.250.179.147:443 | udp | |
| NL | 142.250.179.147:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 172.217.168.227:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:443 | dns.google | udp |
| DK | 37.157.2.236:443 | tcp | |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | tcp | |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 107.178.242.165:443 | beacons.gcp.gvt2.com | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| NL | 142.250.179.163:443 | udp | |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| NL | 142.250.179.163:443 | udp | |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
Files
memory/2304-134-0x000001B57DB60000-0x000001B57DB70000-memory.dmp
memory/2304-135-0x000001B57E460000-0x000001B57E470000-memory.dmp
memory/2304-136-0x000001B57E7C0000-0x000001B57E7C4000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 821c1122f0d1d5d9da13bb3a9b2bbe19 |
| SHA1 | f571758a82487d499a3a594073d5d03860002a97 |
| SHA256 | 496c5a4bf9c2b9f82d5eed099129e60fd705da43a30511b7f7ac1c02513013d0 |
| SHA512 | 06b00209546e4f13b569191dfc36334c114e0a4b6bc4375e18b4927360e47582900694a10f8de7914ca20090ddc5a688d0907a054579ae961d572c3b5c2b2a38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 821c1122f0d1d5d9da13bb3a9b2bbe19 |
| SHA1 | f571758a82487d499a3a594073d5d03860002a97 |
| SHA256 | 496c5a4bf9c2b9f82d5eed099129e60fd705da43a30511b7f7ac1c02513013d0 |
| SHA512 | 06b00209546e4f13b569191dfc36334c114e0a4b6bc4375e18b4927360e47582900694a10f8de7914ca20090ddc5a688d0907a054579ae961d572c3b5c2b2a38 |
\??\pipe\crashpad_2704_RLGNCVMUMRSOWKZS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\crashpad_2588_XCLHPNMANBJLFWRG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | 821c1122f0d1d5d9da13bb3a9b2bbe19 |
| SHA1 | f571758a82487d499a3a594073d5d03860002a97 |
| SHA256 | 496c5a4bf9c2b9f82d5eed099129e60fd705da43a30511b7f7ac1c02513013d0 |
| SHA512 | 06b00209546e4f13b569191dfc36334c114e0a4b6bc4375e18b4927360e47582900694a10f8de7914ca20090ddc5a688d0907a054579ae961d572c3b5c2b2a38 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 92db333673e76da2820e3dce30b2b67e |
| SHA1 | ec2be0e499b5ae538d696abd0abc6a6a158d3e81 |
| SHA256 | f0d1f8aa33f0ab94bb8ab3a5039a691935f72f507a91ca38d2eecf096b4c6376 |
| SHA512 | edeee7f24cbaaae33f7965bfee4fb24f0bcb90f80770bd852540beb11b014736edd63ebfa2481f277e0542c2e4c76450b6103d7fb243e0e3bfd306231acf5efc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\chrome_BITS_2704_1446996795\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.34.0_all_acb7qksdc2wjznjioir7p6lt3dwq.crx3
| MD5 | c919be360bcc277412b08aaf36831db4 |
| SHA1 | 7c33e8f1f9b245aec0e0e4168a54350615f52d9d |
| SHA256 | 93823a4e71e764b932ee22dfcf84c24429867a440c5e480e55be527ac30de1ae |
| SHA512 | aa82748a902db51d80c6b4c0395d108e1067693d3ef031f599be6f7567bb80d2e76d66932c2e85a6708533e6d1fbbe45c514275be98069fbe887039037038a2c |
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
| MD5 | 9ea305690dbfd424a632b6a659347c1e |
| SHA1 | ebe0abda063d772ff812a2f07e7acccf52d7cd6b |
| SHA256 | 48aea4b9f6315a6544f82480b2caf1e29fd6687abb5b756930ad98a1e9b9a847 |
| SHA512 | 7bbacee4fbe785597116edc93daf8ddbf52ccf6fb4806f90be8675149407b7853ca90315f79f8ef54aac7377666055611efb8a425f61ff2fce6af611d4a806b5 |
C:\Users\Admin\Downloads\python-3.10.3-amd64.exe
| MD5 | 9ea305690dbfd424a632b6a659347c1e |
| SHA1 | ebe0abda063d772ff812a2f07e7acccf52d7cd6b |
| SHA256 | 48aea4b9f6315a6544f82480b2caf1e29fd6687abb5b756930ad98a1e9b9a847 |
| SHA512 | 7bbacee4fbe785597116edc93daf8ddbf52ccf6fb4806f90be8675149407b7853ca90315f79f8ef54aac7377666055611efb8a425f61ff2fce6af611d4a806b5 |
C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
C:\Windows\Temp\{4039F549-C230-40C0-841C-DCD6EA8B918D}\.cr\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
C:\Users\Admin\AppData\Local\Temp\chrome_BITS_2704_886969075\obedbbhbpmojnkanicioggnmelmoomoc_20220222.432047118_all_ENUS500000_hbwjwk7bommr565nn72etjdnwe.crx3
| MD5 | a75cd4f42d1c9dbdaf22b31e06c0fe44 |
| SHA1 | dfea9712224315d809cf432b1d84128dfa11ada5 |
| SHA256 | 191e8d0245ef4a9e9fac8966c175ae9b3943d70cfe949de9e33d3c6a19b7c840 |
| SHA512 | d7b54e94a2a42697a7b25fb287fae12d7342acde89a482dd00c37edbe5234f2c8f899732dd519a0fdff15c1f04cb21bbd618e78df4102e61878aad22a8826449 |
C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.ba\PythonBA.dll
| MD5 | f0de7f1a8fcc825d5d32cf804e44a0dc |
| SHA1 | 35bdc53a3782e3f820c2ebd715009fb6a328cc3b |
| SHA256 | e9f560f381826f2ada40d1e9d422601b4e35fe293940be29e631be11e1c34c7a |
| SHA512 | dcb83fa0734614232ca0ff8c1cefadaf4902a0c945f793675afb7b08d0e594f71dfc643bbbd0c37c569be1cee7437b5b6aabe8859190654b2d99d61a2d446c7b |
C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.be\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
C:\Windows\Temp\{F97E91C2-DC29-4BA4-8F9A-F3AC593DA41A}\.be\python-3.10.3-amd64.exe
| MD5 | 12975d7249f9c5df0820b0a9ef3a7ea7 |
| SHA1 | 1148bcf4bfe56455e275e044b815fd2d41955f9a |
| SHA256 | fd088482a4d7dcd1f3bea7a12e47d8474fc1699f164e538e5d2d5d56fe4fe38f |
| SHA512 | d5f7145ce1132b147319266806e6897fbaa18dad7140e4e453ddde89cf7610d529229d77fb55491e82fce375b077cde21a1636d9c1942baa12b65e27a681cf8e |
memory/3152-163-0x0000028A77768000-0x0000028A77770000-memory.dmp
memory/2304-204-0x000001B57ED10000-0x000001B57ED14000-memory.dmp
memory/2304-205-0x000001B57ED00000-0x000001B57ED01000-memory.dmp
memory/2304-206-0x000001B57E7F0000-0x000001B57E7F4000-memory.dmp
memory/2304-207-0x000001B57E7E0000-0x000001B57E7E1000-memory.dmp
memory/2304-208-0x000001B57E7E0000-0x000001B57E7E4000-memory.dmp
memory/2304-209-0x000001B57E6E0000-0x000001B57E6E1000-memory.dmp
memory/4604-216-0x00007FFA564B0000-0x00007FFA564B1000-memory.dmp
memory/5416-221-0x0000026357F50000-0x0000026357F54000-memory.dmp
memory/5416-222-0x0000026358240000-0x0000026358244000-memory.dmp
memory/5416-223-0x0000026358230000-0x0000026358231000-memory.dmp
memory/5416-224-0x0000026357F80000-0x0000026357F84000-memory.dmp
memory/5416-225-0x0000026357F70000-0x0000026357F71000-memory.dmp
memory/5416-226-0x0000026357F70000-0x0000026357F74000-memory.dmp
memory/5416-227-0x0000026357E70000-0x0000026357E71000-memory.dmp
memory/2344-230-0x0000017EB2600000-0x0000017EB2604000-memory.dmp
memory/2344-231-0x0000017EB2900000-0x0000017EB2904000-memory.dmp
memory/2344-232-0x0000017EB28F0000-0x0000017EB28F1000-memory.dmp
memory/2344-233-0x0000017EB2630000-0x0000017EB2634000-memory.dmp
memory/2344-234-0x0000017EB2620000-0x0000017EB2621000-memory.dmp
memory/2344-235-0x0000017EB2620000-0x0000017EB2624000-memory.dmp
memory/2344-236-0x0000017EB0320000-0x0000017EB0321000-memory.dmp
memory/2652-239-0x000001D9547E0000-0x000001D9547E4000-memory.dmp
memory/2652-240-0x000001D956D40000-0x000001D956D44000-memory.dmp
memory/2652-241-0x000001D956D30000-0x000001D956D31000-memory.dmp
memory/2652-242-0x000001D956A70000-0x000001D956A74000-memory.dmp
memory/2652-243-0x000001D956A60000-0x000001D956A61000-memory.dmp
memory/2652-244-0x000001D956A60000-0x000001D956A64000-memory.dmp
memory/2652-245-0x000001D954760000-0x000001D954761000-memory.dmp
memory/1984-248-0x000001B70AEF0000-0x000001B70AEF4000-memory.dmp
memory/1984-249-0x000001B70B1F0000-0x000001B70B1F4000-memory.dmp
memory/1984-250-0x000001B70B1E0000-0x000001B70B1E1000-memory.dmp
memory/1984-251-0x000001B70AF20000-0x000001B70AF24000-memory.dmp
memory/1984-252-0x000001B70AF10000-0x000001B70AF11000-memory.dmp
memory/1984-253-0x000001B70AF10000-0x000001B70AF14000-memory.dmp
memory/1984-254-0x000001B70AE10000-0x000001B70AE11000-memory.dmp
memory/3880-257-0x000001C461860000-0x000001C461864000-memory.dmp
memory/3880-258-0x000001C461B60000-0x000001C461B64000-memory.dmp
memory/3880-259-0x000001C461B50000-0x000001C461B51000-memory.dmp
memory/3880-260-0x000001C461890000-0x000001C461894000-memory.dmp
memory/3880-261-0x000001C461880000-0x000001C461881000-memory.dmp
memory/3880-262-0x000001C461880000-0x000001C461884000-memory.dmp
memory/3880-263-0x000001C45F580000-0x000001C45F581000-memory.dmp
memory/6096-266-0x0000021231F10000-0x0000021231F14000-memory.dmp
memory/6096-267-0x0000021232200000-0x0000021232204000-memory.dmp
memory/6096-268-0x00000212321F0000-0x00000212321F1000-memory.dmp
memory/6096-269-0x0000021231F40000-0x0000021231F44000-memory.dmp
memory/6096-270-0x0000021231F30000-0x0000021231F31000-memory.dmp