Malware Analysis Report

2024-11-30 13:18

Sample ID 240620-xr5tvashnh
Target MetaBuilder.zip
SHA256 eed0c4edab3e751e754de654b8eff38c1d36b9e54d7354e20639503f312bae40
Tags: pyinstaller upx
Score: 8/10

Analysis Overview

Score: 8/10

SHA256

eed0c4edab3e751e754de654b8eff38c1d36b9e54d7354e20639503f312bae40

Threat Level: Likely malicious

The file MetaBuilder.zip was found to be: Likely malicious.

Malicious Activity Summary

pyinstaller upx

Downloads MZ/PE file

Executes dropped EXE

UPX packed file

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Delays execution with timeout.exe

Suspicious use of SetWindowsHookEx

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Modifies registry class

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 19:06

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

279s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 9.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240508-en

Max time kernel

226s

Max time network

236s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe"

Signatures

Enumerates physical storage devices

Delays execution with timeout.exe

Tags: evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1436 wrote to memory of 4620 N/A C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe C:\Windows\SYSTEM32\cmd.exe
PID 4620 wrote to memory of 3300 N/A C:\Windows\SYSTEM32\cmd.exe C:\Windows\system32\timeout.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe

"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe"

C:\Windows\SYSTEM32\cmd.exe

"cmd" /c timeout /t 1 && DEL /f localhost.exe

C:\Windows\system32\timeout.exe

timeout /t 1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1436-0-0x00007FF9FFBA3000-0x00007FF9FFBA5000-memory.dmp

memory/1436-1-0x0000018215BA0000-0x0000018215BAA000-memory.dmp

memory/1436-3-0x00007FF9FFBA0000-0x00007FFA00661000-memory.dmp

memory/1436-4-0x00007FF9FFBA0000-0x00007FFA00661000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:17

Platform

win10v2004-20240611-en

Max time kernel

448s

Max time network

451s

Command Line

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MetaBuilder.zip

Signatures

N/A

Processes

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MetaBuilder.zip

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240508-en

Max time kernel

276s

Max time network

285s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MaterialSkin.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MaterialSkin.dll,#1

Network

Country Destination Domain Proto
US 52.111.229.48:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:20

Platform

win10v2004-20240611-en

Max time kernel

839s

Max time network

838s

Command Line

"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe"

Signatures

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\main (1).exe N/A

UPX packed file

Tags: upx
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A

Detects Pyinstaller

Tags: pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633840598557764" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{0B7EDDF6-8214-4878-B34A-B88EFCBAF374} C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000013a8e9cc47bcda010bcbf3ce47bcda01298e28d047bcda0114000000 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{764897A4-DE0A-482E-A944-7EFD39E37B95} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Count | Description | Indicator | Process | Target
49 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
1 | N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A
14 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of SendNotifyMessage

Count | Description | Indicator | Process | Target
26 | N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Suspicious use of WriteProcessMemory

Count | Description | Indicator | Process | Target
2 | PID 3480 wrote to memory of 3088 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
31 | PID 3480 wrote to memory of 4328 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
2 | PID 3480 wrote to memory of 4772 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe
29 | PID 3480 wrote to memory of 3236 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe

"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4244,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1056 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcc802ab58,0x7ffcc802ab68,0x7ffcc802ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4880 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3304 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5480 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3220 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5600 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe

"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5316 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3260 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4220,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8

C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe

"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe

"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/ToxicExploit

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Toxicvirusmain

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3780,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3892,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5104,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5440,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5480,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5520,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6124,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5748,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5784,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6024,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6320,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffcc0014ef8,0x7ffcc0014f04,0x7ffcc0014f10

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4544 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1868,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2520,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5580 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5828 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5092,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4820,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5460,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5676 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3140 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4884,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4876,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3464,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4676,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8

C:\Users\Admin\Downloads\main (1).exe

"C:\Users\Admin\Downloads\main (1).exe"

C:\Users\Admin\Downloads\main (1).exe

"C:\Users\Admin\Downloads\main (1).exe"

C:\Users\Admin\Downloads\main (1).exe

"C:\Users\Admin\Downloads\main (1).exe"

C:\Users\Admin\Downloads\main (1).exe

"C:\Users\Admin\Downloads\main (1).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Users\Admin\Desktop\main (1).exe

"C:\Users\Admin\Desktop\main (1).exe"

C:\Users\Admin\Desktop\main (1).exe

"C:\Users\Admin\Desktop\main (1).exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

Network

Country Destination Domain Proto
US 8.8.8.8:53 199.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 img.alicdn.com udp
CN 124.239.14.250:443 fourier.taobao.com tcp
DE 47.246.146.52:443 us.ynuf.aliapp.org tcp
DE 47.246.146.52:443 us.ynuf.aliapp.org tcp
US 8.8.8.8:53 52.146.246.47.in-addr.arpa udp
CN 124.239.14.250:443 fourier.taobao.com tcp
US 8.8.8.8:53 fourier.aliexpress.com udp
CN 59.82.33.224:443 log.mmstat.com tcp
DE 47.246.146.223:443 fourier.aliexpress.com tcp
US 8.8.8.8:53 223.146.246.47.in-addr.arpa udp
US 8.8.8.8:53 7gmmaf.tdum.alibaba.com udp
DE 47.254.175.252:443 7gmmaf.tdum.alibaba.com tcp
DE 47.254.175.252:443 7gmmaf.tdum.alibaba.com tcp
US 8.8.8.8:53 ynuf.aliapp.org udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
CN 124.239.14.252:443 ynuf.aliapp.org tcp
US 8.8.8.8:53 252.175.254.47.in-addr.arpa udp
CN 124.239.14.253:443 ynuf.aliapp.org tcp
CN 124.239.14.253:443 ynuf.aliapp.org tcp

Files


memory/1020-1947-0x00007FFCD8B10000-0x00007FFCD8B1B000-memory.dmp

memory/1020-1946-0x00007FFCD2A80000-0x00007FFCD2A94000-memory.dmp

memory/1020-1945-0x00007FFCC9900000-0x00007FFCC99B8000-memory.dmp

memory/1020-1928-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp

memory/1020-1943-0x00007FFCD5390000-0x00007FFCD53BE000-memory.dmp

memory/1020-1942-0x00007FFCD8CC0000-0x00007FFCD8CDC000-memory.dmp

memory/1020-1941-0x00007FFCD8D20000-0x00007FFCD8D2A000-memory.dmp

memory/1020-1940-0x00007FFCD53C0000-0x00007FFCD5402000-memory.dmp

memory/5828-2053-0x0000023709130000-0x00000237094A5000-memory.dmp

memory/5828-2060-0x00007FFCCFF80000-0x00007FFCCFFB8000-memory.dmp

memory/5828-2059-0x00007FFCC8780000-0x00007FFCC88F1000-memory.dmp

memory/5828-2058-0x00007FFCD4550000-0x00007FFCD456F000-memory.dmp

memory/5828-2057-0x00007FFCC97E0000-0x00007FFCC98F8000-memory.dmp

memory/5828-2056-0x00007FFCD45A0000-0x00007FFCD45C6000-memory.dmp

memory/5828-2054-0x00007FFCD8CA0000-0x00007FFCD8CB4000-memory.dmp

memory/5828-2036-0x00007FFCC51C0000-0x00007FFCC562E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 cd88d229ebd7dfba69730f436824b4c8
SHA1 07f3c6dcd6d8058dcc8320470b8f5092d3b8f1d2
SHA256 6357357c4578fa06908477700b043bfb2714c5f35c91daba4924bc9ab176a088
SHA512 fd9042fad2bd47007a0d4f20d1a859d9799ccb88e3ef5761b3cd34df90a3dc38d9ea58a0939d8d69ebdedae0d6b12d5cb9478451749258f141409ca51a93a1f8

memory/864-2358-0x00007FFCD94E0000-0x00007FFCD950E000-memory.dmp

memory/864-2362-0x00007FFCD9E10000-0x00007FFCD9E1A000-memory.dmp

memory/864-2361-0x00007FFCD5920000-0x00007FFCD5962000-memory.dmp

memory/864-2360-0x00007FFCD92B0000-0x00007FFCD92DB000-memory.dmp

memory/864-2359-0x00007FFCCFA50000-0x00007FFCCFB0C000-memory.dmp

memory/864-2349-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f98703d59565b92994198767308a5e5d
SHA1 15da40f737ffe14cc8f656c3f90aba657624ca21
SHA256 4216e3d877a68c56c217bed9d35de3a3832e2c4a5d9f61fbdaa54aa692f6ef0e
SHA512 350b6155268e6f9623273afe7518f22eb590734fe59638f0f88d7baefdf1016224407f2159e9178af27764a101850541e909e9bfa9c8d66c0cb6e1ccaaae2ae3
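The memory-region listings above follow the sandbox's `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` naming, and the same address range is frequently dumped more than once (for example PID 5828's 0x0000023709130000 region appears as seq 1827 and again as seq 2053). The helper below is an added example written for this page, not tooling from the sandbox or the report: it parses that naming, collapses repeated ranges, and ranks regions for carving. The parsing pattern is taken from the listing itself; the triage heuristics (treating addresses at or above 0x00007FF000000000 as the system-DLL range on 64-bit Windows 10, and a 1 MiB size floor) are the author's assumptions, chosen so that large private regions such as the two 0x375000-byte ranges in PID 5828 rise to the top. The sample input is a handful of lines copied from the listing above.

```python
"""Triage helper for sandbox memory-dump listings (added example, not part of
the original report).

Region names follow the pattern seen in the report:
    memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp
The thresholds below are the author's assumptions, not anything the report states.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the report's Files listing (PIDs 5828 and 1020), including one
# range that the sandbox dumped twice (seq 1827 and seq 2053).
SAMPLE_LISTING = """
memory/5828-1827-0x0000023709130000-0x00000237094A5000-memory.dmp
memory/5828-1826-0x00000237094B0000-0x0000023709825000-memory.dmp
memory/5828-1817-0x00007FFCC51C0000-0x00007FFCC562E000-memory.dmp
memory/1020-1832-0x00007FFCC4660000-0x00007FFCC49D5000-memory.dmp
memory/1020-1945-0x00007FFCC9900000-0x00007FFCC99B8000-memory.dmp
memory/5828-1830-0x00007FFCD8E10000-0x00007FFCD8E1A000-memory.dmp
memory/5828-2053-0x0000023709130000-0x00000237094A5000-memory.dmp
"""

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp"
)

# Assumption: on 64-bit Windows 10 the system DLLs load near the top of user
# space (0x00007FF8... and above under ASLR). Regions far below that are private
# memory, which is where an unpacked payload normally lives.
HIGH_DLL_RANGE_START = 0x00007FF000000000
MIN_INTERESTING_SIZE = 0x100000  # 1 MiB floor; assumption


@dataclass(frozen=True)
class Region:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def in_dll_range(self) -> bool:
        return self.start >= HIGH_DLL_RANGE_START


def parse_listing(text: str) -> list[Region]:
    """Parse every dump name in the text; lines that do not match are ignored."""
    regions = []
    for line in text.splitlines():
        m = DUMP_RE.search(line.strip())
        if m:
            regions.append(Region(int(m["pid"]), int(m["seq"]),
                                  int(m["start"], 16), int(m["end"], 16)))
    return regions


def dedupe_regions(regions: list[Region]) -> list[Region]:
    """Keep the first dump of each (pid, start, end); later snapshots repeat it."""
    seen, unique = set(), []
    for r in regions:
        key = (r.pid, r.start, r.end)
        if key not in seen:
            seen.add(key)
            unique.append(r)
    return unique


def group_by_pid(regions: list[Region]) -> dict[int, list[Region]]:
    grouped = defaultdict(list)
    for r in regions:
        grouped[r.pid].append(r)
    return dict(grouped)


def carve_candidates(regions: list[Region], min_size: int = MIN_INTERESTING_SIZE) -> list[Region]:
    """Regions to carve first: large and outside the DLL range, biggest first."""
    picked = [r for r in regions if not r.in_dll_range and r.size >= min_size]
    return sorted(picked, key=lambda r: r.size, reverse=True)


if __name__ == "__main__":
    unique = dedupe_regions(parse_listing(SAMPLE_LISTING))
    for pid, regs in group_by_pid(unique).items():
        print(f"PID {pid}: {len(regs)} regions, {sum(r.size for r in regs):#x} bytes")
    for r in carve_candidates(unique):
        print(f"carve first: pid={r.pid} seq={r.seq} {r.start:#018x}-{r.end:#018x} ({r.size:#x} bytes)")
```

Running it against the constructed sample surfaces the two 0x375000-byte private regions of PID 5828 and drops the 0x46E000-byte region at 0x00007FFCC51C0000, which is in the DLL range and so is most likely a mapped module rather than unpacked code. Against the full listing, run the same pass per detonation and diff the candidate sets between PIDs to see which process actually holds the decompressed PyInstaller payload.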

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240611-en

Max time kernel

137s

Max time network

203s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe.xml"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp

Files

memory/1404-0-0x00007FFAC54D0000-0x00007FFAC54E0000-memory.dmp

memory/1404-1-0x00007FFB054ED000-0x00007FFB054EE000-memory.dmp

memory/1404-2-0x00007FFB05450000-0x00007FFB05645000-memory.dmp

memory/1404-3-0x00007FFB05450000-0x00007FFB05645000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240508-en

Max time kernel

234s

Max time network

272s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.pdb

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.pdb

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3608,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-20 19:06

Reported

2024-06-20 19:11

Platform

win10v2004-20240611-en

Max time kernel

140s

Max time network

207s

Command Line

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.xml"

Signatures

N/A

Processes

C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE

"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.xml"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/768-0-0x00007FFDB6350000-0x00007FFDB6360000-memory.dmp

memory/768-2-0x00007FFDF62D0000-0x00007FFDF64C5000-memory.dmp

memory/768-1-0x00007FFDF636D000-0x00007FFDF636E000-memory.dmp

memory/768-3-0x00007FFDF62D0000-0x00007FFDF64C5000-memory.dmp