Analysis Overview
SHA256
721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab
Threat Level: Known bad
The file 721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab was found to be: Known bad.
Malicious Activity Summary
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
Socelars payload
Process spawned unexpected child process
Detects LgoogLoader payload
LgoogLoader
Socelars
Detect rhadamanthys stealer shellcode
GCleaner
Checks for common network interception software
Drops file in Drivers directory
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
VMProtect packed file
Reads user/profile data of web browsers
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Modifies registry class
Kills process with taskkill
Checks SCSI registry key(s)
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Script User-Agent
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-02-20 15:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-02-20 15:05
Reported
2023-02-20 15:07
Platform
win10v2004-20220812-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Detect rhadamanthys stealer shellcode
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects LgoogLoader payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
GCleaner
LgoogLoader
Process spawned unexpected child process
| Description | Indicator | Process | Target |
| Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process | N/A | C:\Windows\system32\rundll32.exe | N/A |
Rhadamanthys
Socelars
Socelars payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 5884 created 2572 | N/A | C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe | C:\Windows\system32\taskhostw.exe |
Checks for common network interception software
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\system32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-DBFQ0.tmp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.tmp | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe | N/A |
Reads user/profile data of web browsers
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\system recover = "\"C:\\Program Files (x86)\\Microsoft\\Husilalego.exe\"" | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\fontview.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\fontview.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\fontview.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5884 set thread context of 7000 | N/A | C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Husilalego.exe.config | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c6b4faef-7137-4540-ae7b-c101c172f05f.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\ChromeRecoveryCRX.crx | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files (x86)\Microsoft\Husilalego.exe | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File opened for modification | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\_metadata\verified_contents.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\Windows Defender\CVKZAARXXP\poweroff.exe | C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230220160545.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\ChromeRecovery.exe | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File created | C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js | C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\manifest.json | C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\SysWOW64\fontview.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\SysWOW64\fontview.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\SysWOW64\fontview.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Windows\SysWOW64\fontview.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID | C:\Windows\SysWOW64\fontview.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = … | C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
C:\Users\Admin\AppData\Local\Temp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.exe
"C:\Users\Admin\AppData\Local\Temp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.exe"
C:\Users\Admin\AppData\Local\Temp\is-DBFQ0.tmp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DBFQ0.tmp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.tmp" /SL5="$C003E,140559,56832,C:\Users\Admin\AppData\Local\Temp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.exe"
C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe
"C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe" /S /UID=95
C:\Users\Admin\AppData\Local\Temp\85-67870-69c-3f0b0-4d45c9be7505e\Legesyshuky.exe
"C:\Users\Admin\AppData\Local\Temp\85-67870-69c-3f0b0-4d45c9be7505e\Legesyshuky.exe"
C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe
"C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.profitabletrustednetwork.com/e2q8zu9hu?key=a971bbe4a40a7216a1a87d8f455f71e6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff237046f8,0x7fff23704708,0x7fff23704718
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe /mixfive & exit
C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe
C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe /mixfive
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 452
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe & exit
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe
C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 764
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe & exit
C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe
C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4280 -ip 4280
C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe
"C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe" -h
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 796
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\v2hvjhmn.mix\pb1117.exe & exit
C:\Windows\SysWOW64\cmd.exe
cmd.exe /c taskkill /f /im chrome.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im chrome.exe
C:\Users\Admin\AppData\Local\Temp\v2hvjhmn.mix\pb1117.exe
C:\Users\Admin\AppData\Local\Temp\v2hvjhmn.mix\pb1117.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 824
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe & exit
C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe
C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 852
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /k C:\Users\Admin\AppData\Local\Temp\dvlxwzp3.l0w\360.exe & exit
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\db.dll",open
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 6064 -ip 6064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 600
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 1220
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "gcleaner.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe" & exit
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4280 -ip 4280
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 1376
C:\Windows\SysWOW64\taskkill.exe
taskkill /im "gcleaner.exe" /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff21874f50,0x7fff21874f60,0x7fff21874f70
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5224 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1624 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2008 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Windows\SysWOW64\fontview.exe
"C:\Windows\SYSWOW64\fontview.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6e77a5460,0x7ff6e77a5470,0x7ff6e77a5480
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4724 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5000 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5656 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5448 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5944 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5884 -ip 5884
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 492
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 5884 -ip 5884
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 820
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2676 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1356 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4100 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,621872606042804491,3820603236457454230,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2316 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1600,953970384965647837,3147880118936200041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:8
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\ChromeRecovery.exe
"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir6312_759168882\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={add96de2-f27a-4e61-9be5-88f1345b22aa} --system
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | s3.eu-central-1.wasabisys.com | udp |
| NL | 130.117.252.28:80 | s3.eu-central-1.wasabisys.com | tcp |
| US | 8.8.8.8:53 | connectini.net | udp |
| GB | 37.230.138.123:443 | connectini.net | tcp |
| US | 8.8.8.8:53 | s3.eu-central-1.wasabisys.com | udp |
| US | 8.8.8.8:53 | wewewe.s3.eu-central-1.amazonaws.com | udp |
| US | 8.8.8.8:53 | n8w5.c12.e2-1.dev | udp |
| NL | 130.117.252.11:443 | s3.eu-central-1.wasabisys.com | tcp |
| DE | 52.219.72.85:443 | wewewe.s3.eu-central-1.amazonaws.com | tcp |
| NL | 130.117.252.11:443 | s3.eu-central-1.wasabisys.com | tcp |
| US | 8.8.8.8:53 | 360devtracking.com | udp |
| GB | 37.230.138.66:80 | 360devtracking.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| NL | 142.251.39.100:80 | www.google.com | tcp |
| US | 8.8.8.8:53 | connectini.net | udp |
| GB | 37.230.138.123:443 | connectini.net | tcp |
| GB | 37.230.138.123:443 | connectini.net | tcp |
| GB | 37.230.138.66:80 | 360devtracking.com | tcp |
| NL | 45.12.253.74:80 | 45.12.253.74 | tcp |
| US | 8.8.8.8:53 | iplogger.org | udp |
| DE | 148.251.234.83:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | htagzdownload.pw | udp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| US | 8.8.8.8:53 | www.wohilife.com | udp |
| US | 104.21.38.254:80 | www.wohilife.com | tcp |
| US | 8.8.8.8:53 | www.countlist.top | udp |
| US | 8.8.8.8:53 | a.dowgmua.com | udp |
| US | 188.114.97.0:443 | a.dowgmua.com | tcp |
| US | 8.8.8.8:53 | www.ippfinfo.top | udp |
| DE | 178.18.252.110:443 | www.ippfinfo.top | tcp |
| US | 8.8.8.8:53 | b.dowgmub.com | udp |
| US | 104.21.70.228:443 | b.dowgmub.com | tcp |
| US | 8.8.8.8:53 | www.profitabletrustednetwork.com | udp |
| US | 8.8.8.8:53 | ocsp.trust-provider.cn | udp |
| US | 173.233.137.52:443 | www.profitabletrustednetwork.com | tcp |
| US | 173.233.137.52:443 | www.profitabletrustednetwork.com | tcp |
| NL | 47.246.48.208:80 | ocsp.trust-provider.cn | tcp |
| BE | 2.17.107.98:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | grt.eiwaggee.com | udp |
| US | 188.114.96.0:443 | grt.eiwaggee.com | tcp |
| DE | 148.251.234.83:443 | iplogger.org | tcp |
| US | 8.8.8.8:53 | simplewebanalysis.com | udp |
| IN | 35.154.34.168:443 | simplewebanalysis.com | tcp |
| US | 8.8.8.8:53 | aribberoviromy.com | udp |
| NL | 85.17.80.5:443 | aribberoviromy.com | tcp |
| US | 8.8.8.8:53 | xv.yxzgamen.com | udp |
| US | 188.114.96.0:443 | xv.yxzgamen.com | tcp |
| US | 8.8.8.8:53 | be2.com | udp |
| DE | 93.104.242.20:80 | be2.com | tcp |
| NL | 109.206.241.33:80 | 109.206.241.33 | tcp |
| US | 8.8.8.8:53 | www.be2.com | udp |
| US | 104.18.139.241:443 | www.be2.com | tcp |
| US | 8.8.8.8:53 | iplogger.com | udp |
| DE | 148.251.234.93:443 | iplogger.com | tcp |
| US | 8.8.8.8:53 | www.isurucabs.lk | udp |
| US | 8.8.8.8:53 | app2.be2.com | udp |
| US | 69.46.7.194:443 | www.isurucabs.lk | tcp |
| DE | 62.245.131.116:443 | app2.be2.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| DE | 62.245.131.116:443 | app2.be2.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | irut7kviyq7.xnoy2yzcmqnfijkmtup8tstv2h0y | udp |
| NL | 45.12.253.56:80 | 45.12.253.56 | tcp |
| US | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 131.253.33.203:443 | | tcp |
| SG | 40.90.184.82:443 | nav.smartscreen.microsoft.com | tcp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| NL | 95.101.74.139:443 | assets.msn.com | tcp |
| NL | 95.101.74.139:443 | | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| NL | 95.101.74.139:443 | | tcp |
| NL | 95.101.74.139:443 | assets.msn.com | tcp |
| NL | 95.101.74.142:443 | | tcp |
| NL | 95.101.74.204:443 | | tcp |
| HK | 20.205.115.81:443 | | tcp |
| US | 204.79.197.200:443 | | tcp |
| US | 18.65.39.70:443 | | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| SG | 40.90.184.73:443 | smartscreen-prod.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | iueg.aappatey.com | udp |
| US | 45.66.159.142:80 | iueg.aappatey.com | tcp |
| US | 8.8.8.8:53 | siaoheg.aappatey.com | udp |
| US | 45.66.159.142:80 | siaoheg.aappatey.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | m.facebook.com | udp |
| US | 8.8.8.8:53 | hyhjuer.s3.eu-west-3.amazonaws.com | udp |
| NL | 172.217.168.238:443 | clients2.google.com | tcp |
| NL | 142.251.36.45:443 | accounts.google.com | tcp |
| FR | 52.95.154.90:443 | hyhjuer.s3.eu-west-3.amazonaws.com | tcp |
| US | 157.240.24.35:443 | m.facebook.com | tcp |
| US | 8.8.8.8:53 | www.omhroc.com | udp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| US | 104.21.19.234:80 | www.omhroc.com | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| US | 8.8.8.8:53 | secure.facebook.com | udp |
| US | 157.240.24.15:443 | secure.facebook.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.208.110:443 | apis.google.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 131.253.33.203:443 | | tcp |
| US | 13.107.42.14:443 | | tcp |
| US | 151.101.1.44:443 | trc.taboola.com | tcp |
| US | 64.74.236.95:443 | | tcp |
| IE | 52.210.115.48:443 | | tcp |
| NL | 173.223.112.20:443 | hbx.media.net | tcp |
| US | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| NL | 20.86.249.62:443 | smartscreen-prod.microsoft.com | tcp |
| US | 104.19.132.78:443 | cm.mgid.com | tcp |
| US | 104.19.132.78:443 | | udp |
| US | 76.223.111.18:443 | | tcp |
| SG | 103.43.90.179:443 | | tcp |
| SG | 103.43.90.179:443 | | tcp |
| NL | 185.184.8.90:443 | creativecdn.com | tcp |
| SG | 172.241.51.68:443 | | tcp |
| FR | 185.255.84.153:443 | visitor.omnitagjs.com | tcp |
| US | 35.208.249.213:443 | trace.mediago.io | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| JP | 35.213.89.133:443 | trace.popin.cc | tcp |
| JP | 35.213.89.133:443 | | tcp |
| DE | 37.252.173.215:443 | | tcp |
| DE | 37.252.173.215:443 | | tcp |
| US | 20.127.253.7:443 | sync.inmobi.com | tcp |
| DE | 141.95.33.111:443 | id5-sync.com | tcp |
| NL | 95.101.74.142:443 | th.bing.com | tcp |
| GB | 216.58.208.99:443 | ssl.gstatic.com | tcp |
| NL | 23.42.192.20:443 | ecn.dev.virtualearth.net | tcp |
| US | 93.184.220.29:80 | | tcp |
| US | 93.184.220.29:80 | | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| US | 131.253.33.239:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| NL | 104.109.143.13:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| NL | 142.250.179.163:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| US | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| NL | 104.80.225.205:443 | | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| BE | 35.205.61.67:80 | htagzdownload.pw | tcp |
| US | 8.8.8.8:53 | www.listfcbt.top | udp |
| US | 8.8.8.8:53 | www.typefdq.xyz | udp |
| DE | 142.250.185.163:443 | beacons.gcp.gvt2.com | tcp |
| NL | 172.217.168.195:443 | beacons3.gvt2.com | tcp |
| US | 8.8.8.8:53 | www.rqckdpt.top | udp |
| US | 93.184.220.29:80 | | tcp |
Files
memory/5012-132-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5012-134-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4604-135-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-DBFQ0.tmp\721c6344039504a039421662f0c681147aa140f3ee5598ce17491ec60cd21dab.tmp
| MD5 | ffcf263a020aa7794015af0edee5df0b |
| SHA1 | bce1eb5f0efb2c83f416b1782ea07c776666fdab |
| SHA256 | 1d07cfb7104b85fc0dffd761f6848ad176117e146bbb4079fe993efa06b94c64 |
| SHA512 | 49f2b062adfb99c0c7f1012c56f0b52a8850d9f030cc32073b90025b372e4eb373f06a351e9b33264967427b8174c060c8a6110979f0eaf0872f7da6d5e4308a |
C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\idp.dll
| MD5 | 8f995688085bced38ba7795f60a5e1d3 |
| SHA1 | 5b1ad67a149c05c50d6e388527af5c8a0af4343a |
| SHA256 | 203d7b61eac96de865ab3b586160e72c78d93ab5532b13d50ef27174126fd006 |
| SHA512 | 043d41947ab69fc9297dcb5ad238acc2c35250d1172869945ed1a56894c10f93855f0210cbca41ceee9efb55fd56a35a4ec03c77e252409edc64bfb5fb821c35 |
memory/4976-138-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\is-51GG0.tmp\fITNESS.exe
| MD5 | 979b43969b68215796eb62e1c7504f05 |
| SHA1 | 5fa0a2eb63ff05bf18133485aaee0e9b30633044 |
| SHA256 | b4dadd22c7029e20fd178e150ee69a2b6987503e53085ae6b752012bfd5e277d |
| SHA512 | 2c7284361ddb5d5b3fe0957e51f7e4daf1dbc5235c46006989c5da78058c3a4ea45a7311d04e850cdff71378f88c9f0543867dce7a94e3546644522c8af3e001 |
memory/4976-141-0x0000000000910000-0x0000000000960000-memory.dmp
memory/4976-142-0x00007FFF25660000-0x00007FFF26121000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe
| MD5 | 454a14c95170b338bfe64373436d9d08 |
| SHA1 | 6922e008fca13eea545a3493f5622f9e52704aac |
| SHA256 | f98703de486679d9651a619c0b5972f69a0e1979525517f654c8a1bcd7de8e28 |
| SHA512 | 0a90638db029d89837d45877d89b5d697903e45fb988e3aebe493d495654e636d969a1d361ba75a31ac0705e3b6e8b98a28060b2be4ac910adc91bb68d2a908c |
memory/2320-144-0x0000000000000000-mapping.dmp
memory/3684-143-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe.config
| MD5 | 98d2687aec923f98c37f7cda8de0eb19 |
| SHA1 | f6dcfcdcfe570340ecdbbd9e2a61f3cb4f281ba7 |
| SHA256 | 8a94163256a722ef8cc140bcd115a5b8f8725c04fe158b129d47be81cb693465 |
| SHA512 | 95c7290d59749df8df495e04789c1793265e0f34e0d091df5c0d4aefe1af4c8ac1f5460f1f198fc28c4c8c900827b8f22e2851957bbaea5914ea962b3a1d0590 |
C:\Users\Admin\AppData\Local\Temp\85-67870-69c-3f0b0-4d45c9be7505e\Legesyshuky.exe
| MD5 | 408fc3f0dbb084ec71fa91c3b00df744 |
| SHA1 | 818668581b2b8678a54acd7b78880f492310f3e1 |
| SHA256 | b783737d70b27aad0bed8ed7115f7a4a74e8f382ac736386baa68809594c1bdd |
| SHA512 | 986145133fdffa12ae75a25dce67236ef66bba0660d230694d56fe4ac1dee6eaf91b1d21d435fe0dd407313dece0b33d1b1b29403dee4f1b1b233297ffd35377 |
C:\Users\Admin\AppData\Local\Temp\85-67870-69c-3f0b0-4d45c9be7505e\Legesyshuky.exe.config
| MD5 | 98d2687aec923f98c37f7cda8de0eb19 |
| SHA1 | f6dcfcdcfe570340ecdbbd9e2a61f3cb4f281ba7 |
| SHA256 | 8a94163256a722ef8cc140bcd115a5b8f8725c04fe158b129d47be81cb693465 |
| SHA512 | 95c7290d59749df8df495e04789c1793265e0f34e0d091df5c0d4aefe1af4c8ac1f5460f1f198fc28c4c8c900827b8f22e2851957bbaea5914ea962b3a1d0590 |
C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Legesyshuky.exe
| MD5 | 454a14c95170b338bfe64373436d9d08 |
| SHA1 | 6922e008fca13eea545a3493f5622f9e52704aac |
| SHA256 | f98703de486679d9651a619c0b5972f69a0e1979525517f654c8a1bcd7de8e28 |
| SHA512 | 0a90638db029d89837d45877d89b5d697903e45fb988e3aebe493d495654e636d969a1d361ba75a31ac0705e3b6e8b98a28060b2be4ac910adc91bb68d2a908c |
C:\Users\Admin\AppData\Local\Temp\85-67870-69c-3f0b0-4d45c9be7505e\Legesyshuky.exe
| MD5 | 408fc3f0dbb084ec71fa91c3b00df744 |
| SHA1 | 818668581b2b8678a54acd7b78880f492310f3e1 |
| SHA256 | b783737d70b27aad0bed8ed7115f7a4a74e8f382ac736386baa68809594c1bdd |
| SHA512 | 986145133fdffa12ae75a25dce67236ef66bba0660d230694d56fe4ac1dee6eaf91b1d21d435fe0dd407313dece0b33d1b1b29403dee4f1b1b233297ffd35377 |
memory/4976-151-0x00007FFF25660000-0x00007FFF26121000-memory.dmp
memory/5012-152-0x0000000000400000-0x0000000000414000-memory.dmp
memory/3684-153-0x00007FFF24670000-0x00007FFF250A6000-memory.dmp
memory/2320-154-0x00007FFF24670000-0x00007FFF250A6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\05-4e150-b47-68482-9e158ca281ed9\Kenessey.txt
| MD5 | 97384261b8bbf966df16e5ad509922db |
| SHA1 | 2fc42d37fee2c81d767e09fb298b70c748940f86 |
| SHA256 | 9c0d294c05fc1d88d698034609bb81c0c69196327594e4c69d2915c80fd9850c |
| SHA512 | b77fe2d86fbc5bd116d6a073eb447e76a74add3fa0d0b801f97535963241be3cdce1dbcaed603b78f020d0845b2d4bfc892ceb2a7d1c8f1d98abc4812ef5af21 |
memory/5804-156-0x0000000000000000-mapping.dmp
memory/4824-157-0x0000000000000000-mapping.dmp
memory/7528-158-0x0000000000000000-mapping.dmp
memory/4280-159-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\4isivvca.2fg\gcleaner.exe
| MD5 | c83367d3d10a57ebed92bcb72adbda76 |
| SHA1 | 7b31b6933cf19cd6b90cb590568a0ed47e758010 |
| SHA256 | 9df4f6288ad8618b53b6467b8668024f4de27eed61105f90c1200b59f0aff9de |
| SHA512 | 29ec057bbf3bccc4eee845ba2f1de0019fba675bb41e80042a30ed78619945c8180775f2001ce657b18e6122331b893256201c60cb92ce9f1b7b518c4af20a09 |
memory/4280-162-0x0000000000628000-0x000000000064F000-memory.dmp
memory/4280-163-0x00000000021C0000-0x0000000002200000-memory.dmp
memory/4280-164-0x0000000000400000-0x0000000000576000-memory.dmp
memory/3480-166-0x0000000000000000-mapping.dmp
memory/856-167-0x0000000000000000-mapping.dmp
\??\pipe\LOCAL\crashpad_5804_XIXLDOIBKGIHHMXZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1556-169-0x0000000000000000-mapping.dmp
memory/1552-171-0x0000000000000000-mapping.dmp
memory/672-172-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\bldmswdv.dbd\handdiy_3.exe
| MD5 | 010ac78ef76556b3435bfed5c9b6492d |
| SHA1 | d4ca466111fe9075083dc25c9bddfdc6cf621bd2 |
| SHA256 | b4eb1e8e07da839c66a692f1c8879980cb23c8a29ac6f60243365afcafaf466c |
| SHA512 | 8d6fd09b5ae32a2aa82a6581cfd27f7c3e5e0cc637b831b0e851ff02b650a4f6928686fad60ee56e036fe835d2ebdc1b5fe4d2e401c2f1d3ff00e6866ddfc9cd |
memory/3948-176-0x0000000000000000-mapping.dmp
memory/1396-178-0x0000000000000000-mapping.dmp
memory/4920-179-0x0000000000000000-mapping.dmp
memory/5160-180-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe
| MD5 | fff06a685dc118486b275737027b63ec |
| SHA1 | ff10af4b0a24abca8c4adaa4b02727391a8afb83 |
| SHA256 | 60b5c9855622f7bf71b6ed99afa605e65be1f664c014b67769c5eb1f7229e53c |
| SHA512 | 6b5c76de6c75d12020ed3b18eb5fa513600c58006b623c9df91e421a71b2f082b21fe5f0db9fd4b71c7ce2301a76e72dbadfdc0d632fa3a03e4ebc64309dc62a |
memory/5300-184-0x0000000000000000-mapping.dmp
memory/5396-185-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\5mvu5fve.dne\chenp.exe
| MD5 | fff06a685dc118486b275737027b63ec |
| SHA1 | ff10af4b0a24abca8c4adaa4b02727391a8afb83 |
| SHA256 | 60b5c9855622f7bf71b6ed99afa605e65be1f664c014b67769c5eb1f7229e53c |
| SHA512 | 6b5c76de6c75d12020ed3b18eb5fa513600c58006b623c9df91e421a71b2f082b21fe5f0db9fd4b71c7ce2301a76e72dbadfdc0d632fa3a03e4ebc64309dc62a |
memory/5420-187-0x0000000000000000-mapping.dmp
memory/5480-188-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
| MD5 | ec8ff3b1ded0246437b1472c69dd1811 |
| SHA1 | d813e874c2524e3a7da6c466c67854ad16800326 |
| SHA256 | e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab |
| SHA512 | e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
| MD5 | 01b73e8aae46d9d57358dfc889f9e0ea |
| SHA1 | e768c28240fe06c1fc58ae68f7b9953f49d2b115 |
| SHA256 | 72c501ca88b5c36c2853506408ce198ea26bd665a1f77e338a5f1bb87ee7229d |
| SHA512 | 3ef6df287182a34aecd537a0264126ea41eab365c7c039ab41b1fc3de17e9b272c07f57ba7028ba03d8bddbd8051e2d99ad56fd6c07b0edff616e9692a4fcbc7 |
memory/5556-191-0x0000000000000000-mapping.dmp
memory/5636-192-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\v2hvjhmn.mix\pb1117.exe
| MD5 | b0b6107d070707ecb8676600fd80fb57 |
| SHA1 | 80483ae177f32245fcdd9307af6478f551d02f5c |
| SHA256 | 74db730bd2dfb2f2e794f33f7df0fa5e68e43520b109449508682df3017d7d26 |
| SHA512 | f12c2ef136e63f2322fd877184cccc5105e87b3064cdc2e78108562c3d5e5108828d2cd25635c7949553a4e6a443b5fc8c473efa4b6e96d57f0a3e8c000d7791 |
memory/5732-197-0x0000000000000000-mapping.dmp
memory/5748-196-0x0000000000000000-mapping.dmp
memory/5636-198-0x0000000140000000-0x000000014061B000-memory.dmp
memory/5884-202-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\bnsmcmqt.cce\JavHa.exe
| MD5 | 4a9c478915d8836d152b41f8f1a05930 |
| SHA1 | 959d322ecea15a5cb53149cf612f8cb60c50bacd |
| SHA256 | 899d409c8baf0c5b6ab18f435a752d4ab4749e628c4fb442edfe22fae5fcf073 |
| SHA512 | b083057687cfbe16749ad563dfc0005bf3ea039ca16785a371902d2d632ca3f380608b381f9f0f55aef49e1766b92bb178c6419c50830ed20976668803a8f845 |
memory/5980-205-0x0000000000000000-mapping.dmp
memory/6064-207-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\db.dll
| MD5 | 1b20e998d058e813dfc515867d31124f |
| SHA1 | c9dc9c42a748af18ae1a8c882b90a2b9e3313e6f |
| SHA256 | 24a53033a2e89acf65f6a5e60d35cb223585817032635e81bf31264eb7dabd00 |
| SHA512 | 79849fbdb9a9e7f7684b570d14662448b093b8aa2b23dfd95856db3a78faf75a95d95c51b8aa8506c4fbecffebcc57cd153dda38c830c05b8cd38629fae673c6 |
C:\Users\Admin\AppData\Local\Temp\db.dat
| MD5 | 76c3dbb1e9fea62090cdf53dadcbe28e |
| SHA1 | d44b32d04adc810c6df258be85dc6b62bd48a307 |
| SHA256 | 556fd54e5595d222cfa2bd353afa66d8d4d1fbb3003afed604672fceae991860 |
| SHA512 | de4ea57497cf26237430880742f59e8d2a0ac7e7a0b09ed7be590f36fbd08c9ced0ffe46eb69ec2215a9cff55720f24fffcae752cd282250b4da6b75a30b3a1b |
C:\Users\Admin\AppData\Local\Temp\dvlxwzp3.l0w\360.exe
| MD5 | 77c8c5a05189b38922ab5b88e319737b |
| SHA1 | ec3e6708dc8f067e57dc8a763cd20c88557acc18 |
| SHA256 | a729f8d5bb0507a9dad84f93e3d7d4326a66d429ef4c1a66260177ade5007d63 |
| SHA512 | f9e83afcf5a4dd923820d2a0d1de656588456d86287ff553d032f78604f2d58f239e74dce6e47ef471f14fe7b400e8746122c397b8f211c8859a1f656837b171 |
memory/5884-211-0x000000000304C000-0x00000000031BB000-memory.dmp
memory/5884-212-0x000000000B520000-0x000000000B81D000-memory.dmp
memory/6424-213-0x0000000000000000-mapping.dmp
memory/6492-214-0x0000000000000000-mapping.dmp
memory/5884-215-0x000000000B520000-0x000000000B81D000-memory.dmp
memory/4280-216-0x0000000000628000-0x000000000064F000-memory.dmp
memory/4280-217-0x0000000000400000-0x0000000000576000-memory.dmp
memory/6640-219-0x0000000000000000-mapping.dmp
memory/6672-221-0x0000000000000000-mapping.dmp
memory/6720-223-0x0000000000000000-mapping.dmp
\??\pipe\crashpad_6564_JMIQFAVHZERWLDTK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/7000-225-0x0000000000000000-mapping.dmp
memory/7000-226-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | e5220b36979d6c685be7daa42ef4ef09 |
| SHA1 | e3831a20c64db49a6166283bfe18d69b0b57cd3f |
| SHA256 | 6d346ca654bf71802c02db8be42efebcf184070872478cdfc275a50c5ad9040d |
| SHA512 | 183cf11556e9cf34a17646e8b76f48e586aacd3ccc539d2aaa93b45685831a58b338c0c07b0e5b257d68185bef4933ad1bb5d9469be2797da259dc5339862c65 |
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\manifest.json
| MD5 | 05bfb082915ee2b59a7f32fa3cc79432 |
| SHA1 | c1acd799ae271bcdde50f30082d25af31c1208c3 |
| SHA256 | 04392a223cc358bc79fcd306504e8e834d6febbff0f3496f2eb8451797d28aa1 |
| SHA512 | 6feea1c8112ac33d117aef3f272b1cc42ec24731c51886ed6f8bc2257b91e4d80089e8ca7ce292cc2f39100a7f662bcc5c37e5622a786f8dc8ea46b8127152f3 |
memory/7000-229-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\icon.png
| MD5 | 362695f3dd9c02c83039898198484188 |
| SHA1 | 85dcacc66a106feca7a94a42fc43e08c806a0322 |
| SHA256 | 40cfea52dbc50a8a5c250c63d825dcaad3f76e9588f474b3e035b587c912f4ca |
| SHA512 | a04dc31a6ffc3bb5d56ba0fb03ecf93a88adc7193a384313d2955701bd99441ddf507aa0ddfc61dfc94f10a7e571b3d6a35980e61b06f98dd9eee424dc594a6f |
memory/7000-234-0x0000000000400000-0x0000000000437000-memory.dmp
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\content.js
| MD5 | c31f14d9b1b840e4b9c851cbe843fc8f |
| SHA1 | 205e3a99dc6c0af0e2f4450ebaa49ebde8e76bb4 |
| SHA256 | 03601415885fd5d8967c407f7320d53f4c9ca2ec33bbe767d73a1589c5e36c54 |
| SHA512 | 2c3d7ed5384712a0013a2ebbc526e762f257e32199651192742282a9641946b6aea6235d848b1e8cb3b0f916f85d3708a14717a69cbcf081145bc634d11d75aa |
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\jquery-3.3.1.min.js
| MD5 | a09e13ee94d51c524b7e2a728c7d4039 |
| SHA1 | 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae |
| SHA256 | 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef |
| SHA512 | f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a |
memory/7000-235-0x0000000000400000-0x0000000000437000-memory.dmp
memory/7000-236-0x0000000001720000-0x0000000001729000-memory.dmp
memory/7000-237-0x0000000001740000-0x000000000174D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\240573421.dll
| MD5 | 8596736c157f4e9d597e640b5fd272c2 |
| SHA1 | 52c13d50177761027cf834200909cb8871e2bfc0 |
| SHA256 | 7788d59ce9a3935ac67aadd1d6da93feb8a6c2c4ee8b53fba51b93a8f42b3a7a |
| SHA512 | ceb67ced3657617fbe6485642e92c44e672fc39f4c1770a92323bccee636aebeea3b788b9297787db1bb0945e194f2aa245e7f02743207577eca160488ca7d37 |
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\background.html
| Algorithm | Digest |
| MD5 | 9ffe618d587a0685d80e9f8bb7d89d39 |
| SHA1 | 8e9cae42c911027aafae56f9b1a16eb8dd7a739c |
| SHA256 | a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e |
| SHA512 | a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12 |
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\background.js
| Algorithm | Digest |
| MD5 | 9e3305c7e459cf4502fcd4945cdc750c |
| SHA1 | 580f681457c2e9d67762cf1aacebc4064e11c147 |
| SHA256 | a90e697b6d67623a22e71d0ee465c20482ecbd423987612dc6ba13ee6488744e |
| SHA512 | 0a3465a389b27d0a291aa01203cc35912c2961cd21541188db7e9bd206b6fddfce6fb70749bf624f6690316fdc32e64bc667b93d94a50257ab87172af43d7ca6 |
memory/7476-244-0x0000000000D20000-0x0000000000D53000-memory.dmp
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\pad-nopadding.js
| Algorithm | Digest |
| MD5 | 0f26002ee3b4b4440e5949a969ea7503 |
| SHA1 | 31fc518828fe4894e8077ec5686dce7b1ed281d7 |
| SHA256 | 282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d |
| SHA512 | 4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11 |
memory/7476-245-0x0000000000000000-mapping.dmp
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\mode-ecb.js
| Algorithm | Digest |
| MD5 | 23231681d1c6f85fa32e725d6d63b19b |
| SHA1 | f69315530b49ac743b0e012652a3a5efaed94f17 |
| SHA256 | 03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a |
| SHA512 | 36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2 |
C:\Program Files\nndannfdnoaiphfcbbpgkhodebpoiocf\js\aes.js
| Algorithm | Digest |
| MD5 | 4ff108e4584780dce15d610c142c3e62 |
| SHA1 | 77e4519962e2f6a9fc93342137dbb31c33b76b04 |
| SHA256 | fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a |
| SHA512 | d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2 |
memory/7476-246-0x0000000000D20000-0x0000000000D53000-memory.dmp
memory/7864-247-0x0000000000000000-mapping.dmp
memory/7932-248-0x0000000000000000-mapping.dmp
memory/3484-249-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
| Algorithm | Digest |
| MD5 | 39f578d7a6932982952bd7f2fd3b89a6 |
| SHA1 | 1395a5ec1adae2b54fb5a38c5f5b1844fae955ea |
| SHA256 | e1ca962cb2d039add275621955d08437ff6bc7170b3cb2bc35c331964afd2c5a |
| SHA512 | a75c6c0d74f56827c363ad4b7f6987d265c4b311c08cfb38ec90fd5cca33ef19b9dcef4d3dbed89381119b48f8e034107abb807ed7253e6be85049ab20706955 |