Analysis Overview
SHA256
eed0c4edab3e751e754de654b8eff38c1d36b9e54d7354e20639503f312bae40
Threat Level: Likely malicious
The file MetaBuilder.zip was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
Loads dropped DLL
Legitimate hosting services abused for malware hosting/C2
Enumerates physical storage devices
Detects Pyinstaller
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of SetWindowsHookEx
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Modifies registry class
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 19:06
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240611-en
Max time kernel
149s
Max time network
279s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral8
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240508-en
Max time kernel
226s
Max time network
236s
Command Line
Signatures
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1436 wrote to memory of 4620 | N/A | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe | C:\Windows\SYSTEM32\cmd.exe |
| PID 4620 wrote to memory of 3300 | N/A | C:\Windows\SYSTEM32\cmd.exe | C:\Windows\system32\timeout.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe
"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\localhost.exe"
C:\Windows\SYSTEM32\cmd.exe
"cmd" /c timeout /t 1 && DEL /f localhost.exe
C:\Windows\system32\timeout.exe
timeout /t 1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/1436-0-0x00007FF9FFBA3000-0x00007FF9FFBA5000-memory.dmp
memory/1436-1-0x0000018215BA0000-0x0000018215BAA000-memory.dmp
memory/1436-3-0x00007FF9FFBA0000-0x00007FFA00661000-memory.dmp
memory/1436-4-0x00007FF9FFBA0000-0x00007FFA00661000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:17
Platform
win10v2004-20240611-en
Max time kernel
448s
Max time network
451s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MetaBuilder.zip
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 136.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.179.89.13.in-addr.arpa | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240508-en
Max time kernel
276s
Max time network
285s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MaterialSkin.dll,#1
Network
| Country | Destination | Domain | Proto |
| US | 52.111.229.48:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:20
Platform
win10v2004-20240611-en
Max time kernel
839s
Max time network
838s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\main (1).exe | N/A |
Loads dropped DLL
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
Detects Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633840598557764" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{0B7EDDF6-8214-4878-B34A-B88EFCBAF374} | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe1100000013a8e9cc47bcda010bcbf3ce47bcda01298e28d047bcda0114000000 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByDirection = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1" | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{764897A4-DE0A-482E-A944-7EFD39E37B95} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}" | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202 | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe
"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4244,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1056 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcc802ab58,0x7ffcc802ab68,0x7ffcc802ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4880 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3304 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5480 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3220 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5600 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe
"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5316 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3260 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4220,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:8
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe
"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe
"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/ToxicExploit
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Toxicvirusmain
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3780,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3892,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5104,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5440,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5480,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5520,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6124,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5748,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5784,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6024,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6320,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffcc0014ef8,0x7ffcc0014f04,0x7ffcc0014f10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4544 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1868,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2520,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5580 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5828 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5092,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4820,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5460,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5676 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3140 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4884,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4876,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3464,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4676,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:8
C:\Users\Admin\Downloads\main (1).exe
"C:\Users\Admin\Downloads\main (1).exe"
C:\Users\Admin\Downloads\main (1).exe
"C:\Users\Admin\Downloads\main (1).exe"
C:\Users\Admin\Downloads\main (1).exe
"C:\Users\Admin\Downloads\main (1).exe"
C:\Users\Admin\Downloads\main (1).exe
"C:\Users\Admin\Downloads\main (1).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
C:\Users\Admin\Desktop\main (1).exe
"C:\Users\Admin\Desktop\main (1).exe"
C:\Users\Admin\Desktop\main (1).exe
"C:\Users\Admin\Desktop\main (1).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "ver"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | udp |
| GB | 142.250.187.238:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| GB | 142.250.187.202:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | tcp |
| US | 8.8.8.8:53 | beacons.gvt2.com | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | tcp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| GB | 172.217.169.3:443 | beacons.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons2.gvt2.com | udp |
| BR | 142.250.78.227:443 | beacons2.gvt2.com | tcp |
| BR | 142.250.78.227:443 | beacons2.gvt2.com | tcp |
| BR | 142.250.78.227:443 | beacons2.gvt2.com | udp |
| GB | 172.217.169.67:443 | beacons.gcp.gvt2.com | udp |
| US | 8.8.8.8:53 | 227.78.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | beacons3.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | tcp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| GB | 216.58.213.3:443 | beacons3.gvt2.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dosya.co | udp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 8.8.8.8:53 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | tcp |
| DE | 195.201.111.49:443 | dosya.co | tcp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| GB | 163.70.147.23:443 | connect.facebook.net | tcp |
| GB | 142.250.200.14:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | mwlle.com | udp |
| US | 8.8.8.8:53 | youradexchange.com | udp |
| US | 8.8.8.8:53 | duvuerxuiw.com | udp |
| US | 104.21.72.31:443 | mwlle.com | tcp |
| GB | 163.70.147.23:443 | connect.facebook.net | udp |
| US | 172.67.177.214:443 | youradexchange.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| GB | 142.250.200.3:443 | www.google.co.uk | tcp |
| US | 104.21.72.31:443 | mwlle.com | tcp |
| US | 8.8.8.8:53 | 49.111.201.195.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 207.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pubtrky.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 104.21.8.108:443 | pubtrky.com | tcp |
| GB | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.bbml.site | udp |
| US | 104.21.8.108:443 | pubtrky.com | udp |
| US | 172.67.141.21:80 | www.bbml.site | tcp |
| US | 172.67.141.21:80 | www.bbml.site | tcp |
| US | 8.8.8.8:53 | 31.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.8.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.141.67.172.in-addr.arpa | udp |
| US | 172.67.177.214:443 | youradexchange.com | udp |
| US | 8.8.8.8:53 | rx.tycm.homes | udp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 104.21.69.10:80 | rx.tycm.homes | tcp |
| US | 8.8.8.8:53 | 10.69.21.104.in-addr.arpa | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.10.207:443 | maxcdn.bootstrapcdn.com | udp |
| US | 8.8.8.8:53 | server72.dosya.co | udp |
| DE | 116.202.229.248:443 | server72.dosya.co | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 248.229.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4hl3i.bemobtrcks.com | udp |
| IE | 54.220.182.27:443 | 4hl3i.bemobtrcks.com | tcp |
| IE | 54.220.182.27:443 | 4hl3i.bemobtrcks.com | tcp |
| US | 8.8.8.8:53 | iptil.rigelbetelgeuse.top | udp |
| US | 172.67.205.133:443 | iptil.rigelbetelgeuse.top | tcp |
| US | 8.8.8.8:53 | iptil.check-tl-ver-176-1.com | udp |
| US | 104.21.44.194:443 | iptil.check-tl-ver-176-1.com | tcp |
| US | 8.8.8.8:53 | 27.182.220.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.205.67.172.in-addr.arpa | udp |
| US | 104.21.44.194:443 | iptil.check-tl-ver-176-1.com | tcp |
| GB | 216.58.201.106:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 194.44.21.104.in-addr.arpa | udp |
| US | 104.21.44.194:443 | iptil.check-tl-ver-176-1.com | udp |
| US | 8.8.8.8:53 | cdnstatic.check-tl-ver-176-1.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | t.me | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | telegram.org | udp |
| US | 8.8.8.8:53 | telegram.org | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | cdn5.cdn-telegram.org | udp |
| US | 8.8.8.8:53 | cdn5.cdn-telegram.org | udp |
| US | 34.111.108.175:443 | cdn5.cdn-telegram.org | tcp |
| US | 34.111.108.175:443 | cdn5.cdn-telegram.org | tcp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.108.111.34.in-addr.arpa | udp |
| NL | 149.154.167.99:443 | telegram.org | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| GB | 2.21.189.233:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | t.me | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | 233.189.21.2.in-addr.arpa | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 104.21.44.194:443 | cdnstatic.check-tl-ver-176-1.com | udp |
| US | 8.8.8.8:53 | mataoransolda.com | udp |
| NL | 139.45.196.64:443 | mataoransolda.com | tcp |
| NL | 139.45.196.64:443 | mataoransolda.com | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | yonmewon.com | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 13.107.246.64:443 | edge-mobile-static.azureedge.net | tcp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| NL | 139.45.197.236:443 | yonmewon.com | tcp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | 64.196.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | zeechoog.net | udp |
| NL | 139.45.197.242:443 | zeechoog.net | tcp |
| NL | 139.45.197.242:443 | zeechoog.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | sr7pv7n5x.com | udp |
| NL | 212.117.190.201:443 | sr7pv7n5x.com | tcp |
| US | 8.8.8.8:53 | 236.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.195.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.197.45.139.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.190.117.212.in-addr.arpa | udp |
| CZ | 23.73.141.158:443 | s.click.aliexpress.com | tcp |
| CZ | 23.73.141.158:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | acs.aliexpress.com | udp |
| US | 8.8.8.8:53 | www.aliexpress.com | udp |
| US | 8.8.8.8:53 | 158.141.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| BE | 23.55.96.49:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | acs.aliexpress.ru | udp |
| CZ | 23.73.141.158:443 | www.aliexpress.com | tcp |
| CZ | 23.73.141.158:443 | www.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| DE | 47.246.146.105:443 | acs.aliexpress.com | tcp |
| US | 8.8.8.8:53 | ae.mmstat.com | udp |
| US | 8.8.8.8:53 | bottom.campaign.aliexpress.com | udp |
| US | 8.8.8.8:53 | cm.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dmtracking2.alibaba.com | udp |
| US | 8.8.8.8:53 | fcmatch.google.com | udp |
| US | 8.8.8.8:53 | fcmatch.youtube.com | udp |
| US | 8.8.8.8:53 | fourier.taobao.com | udp |
| US | 8.8.8.8:53 | 49.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gj.mmstat.com | udp |
| US | 8.8.8.8:53 | hd.mmstat.com | udp |
| US | 8.8.8.8:53 | pcookie.aliexpress.com | udp |
| US | 8.8.8.8:53 | ae04.alicdn.com | udp |
| US | 8.8.8.8:53 | is.alicdn.com | udp |
| US | 8.8.8.8:53 | g.alicdn.com | udp |
| US | 8.8.8.8:53 | time-ae.akamaized.net | udp |
| BE | 23.14.90.81:443 | time-ae.akamaized.net | tcp |
| SG | 47.246.110.44:443 | ae.mmstat.com | tcp |
| GB | 79.133.176.243:443 | g.alicdn.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 79.133.176.225:443 | bottom.campaign.aliexpress.com | tcp |
| US | 8.8.8.8:53 | login.aliexpress.ru | udp |
| US | 8.8.8.8:53 | login.aliexpress.us | udp |
| GB | 79.133.176.243:443 | g.alicdn.com | tcp |
| NL | 23.62.61.97:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| GB | 216.58.212.234:443 | content-autofill.googleapis.com | udp |
| NL | 23.62.61.139:443 | ae04.alicdn.com | tcp |
| US | 8.8.8.8:53 | 81.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.176.133.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aeis.alicdn.com | udp |
| US | 8.8.8.8:53 | log.mmstat.com | udp |
| CN | 124.239.14.250:443 | fourier.taobao.com | tcp |
| RU | 47.246.133.208:443 | login.aliexpress.ru | tcp |
| CN | 124.239.14.250:443 | fourier.taobao.com | tcp |
| CN | 59.82.33.224:443 | log.mmstat.com | tcp |
| US | 8.8.8.8:53 | 208.133.246.47.in-addr.arpa | udp |
| CN | 59.82.33.224:443 | log.mmstat.com | tcp |
| CN | 59.82.33.224:443 | log.mmstat.com | tcp |
| US | 8.8.8.8:53 | login.aliexpress.com | udp |
| US | 8.8.8.8:53 | wp.aliexpress.com | udp |
| DE | 47.246.146.201:443 | wp.aliexpress.com | tcp |
| DE | 47.246.146.201:443 | wp.aliexpress.com | tcp |
| US | 8.8.8.8:53 | de-wum.aliexpress.com | udp |
| DE | 47.246.146.199:443 | de-wum.aliexpress.com | tcp |
| US | 8.8.8.8:53 | us.ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | 201.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 199.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | img.alicdn.com | udp |
| CN | 124.239.14.250:443 | fourier.taobao.com | tcp |
| DE | 47.246.146.52:443 | us.ynuf.aliapp.org | tcp |
| DE | 47.246.146.52:443 | us.ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 52.146.246.47.in-addr.arpa | udp |
| CN | 124.239.14.250:443 | fourier.taobao.com | tcp |
| US | 8.8.8.8:53 | fourier.aliexpress.com | udp |
| CN | 59.82.33.224:443 | log.mmstat.com | tcp |
| DE | 47.246.146.223:443 | fourier.aliexpress.com | tcp |
| US | 8.8.8.8:53 | 223.146.246.47.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7gmmaf.tdum.alibaba.com | udp |
| DE | 47.254.175.252:443 | 7gmmaf.tdum.alibaba.com | tcp |
| DE | 47.254.175.252:443 | 7gmmaf.tdum.alibaba.com | tcp |
| US | 8.8.8.8:53 | ynuf.aliapp.org | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| CN | 124.239.14.252:443 | ynuf.aliapp.org | tcp |
| US | 8.8.8.8:53 | 252.175.254.47.in-addr.arpa | udp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
| CN | 124.239.14.253:443 | ynuf.aliapp.org | tcp |
Files
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f626d6979c026ab34e0aacba066be9f3 |
| SHA1 | 183f74b421a833d354b39dd6d3c2932d7c6bb862 |
| SHA256 | 2cc1aeab2855b8744e4ab9eece91f2a3444d8bb250bb82125d99510dc2ef1684 |
| SHA512 | 9bc3476ff774a2bfd4ee58e32a01f473fa61c6ca772a4d353c67b081f4bcc700f12b219f7220b9d2fe6c91434a204d8badd9071582843a5cb653cc8bfbc4ff05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 93f9c92e683a135aae01b8a8345adc89 |
| SHA1 | 12d67845b83cd010dab8cef0619b26b0ec68e00a |
| SHA256 | cb7fd3625dcc244b927948e9afe5d4c6bf367ed3661a672f439e22500cb5f0b6 |
| SHA512 | be4049bfff98da88ad60ace5407a1e18607bdc72f0297913f22e05fea3e0c89cdc2138a9ee0a0aa63d1cd693ee1fbefa66ac2e1020b582b1cf5fc05bb820be0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7176702d-1bd4-4bc1-a8f7-dfa3ce4b9d41.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 4ec96d7afb2848ee14ab7dfa50373dba |
| SHA1 | 8ca524dae4955e6b7cc706e1aa495268412fa6c1 |
| SHA256 | 223d5e7b88f0dc2ad05df6c0d4c151899b59310e1120b5aaa341816c84c85032 |
| SHA512 | 8262f3c885653f26903ae790b056d03820c619c5331f27e9f6b0d4c4c7208ba2aa4a431da3f59c79f7edb253b179e6d47d08dd1d450d2aee6f1d01c46c9c90f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 7b7e466fbdbaa484dd999df84f808eb7 |
| SHA1 | 39019abc9bf990a5ca0cb06c2fa1e22555cb2c4d |
| SHA256 | 5ee89d1f38624c636064731a6ae72651e67c37d43879e770e637d69c35aef052 |
| SHA512 | 086241a7e1e36518d3b3f1c82aa98ebc09b4f7a76b22ec3929a9b0d4094049a3d8217673e9d80decf68b66ca4576e4d0788b06f1590ba1504cfaf39c35090bbc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | eb1faa3922e08bef40a55f7ca2615996 |
| SHA1 | 2803b344960bfbaf3a532a1a4ecaedadc70eb5b1 |
| SHA256 | 7c63e317a678c76825e94730ac87624f16ea0d132fbd78e1d5a11b56be101f63 |
| SHA512 | 4d2a6e3ef86c0076f6ec47484f6ff2d6e4c664635b2fc4f45240efbeb5cafc50cf21e48bafb04d4c3c524bdd840994b4434cd8029ac65904887f66783950b367 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f61e6fa71b3d99ab21299438b21a655b |
| SHA1 | 33187e77539f8396ace73b8212a04fd98cef488d |
| SHA256 | 17b0a3beb49ffe6c8dfa21879365ccf3969b734036e40fa7912164a636e07f91 |
| SHA512 | 63c82b440b015be57d3fcf77517a6ba9c54aac7d68dd24ab7b8b84c3844d8cdaf4f562ae070dd4f071044131cf68ca3a5864af17b8610911ad90f9795585e32f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | aaf4cad933d4731b386adee181233ffe |
| SHA1 | 6d31e5fe041e146fa61eaad43e529ebe1bac92d9 |
| SHA256 | 6478b514e1f014e9a2a91171d6729fd241bbaa7dc4a7fad0f17207a57b7628c4 |
| SHA512 | c5e5a123089c4222966f142a185eda51b9d71d17a4756f19c27ce742af9d6111c93bb2a6e8d9587c6bf0f1b7f38fd63e0bf7b75876c846f1b69af82f37c7da96 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | ae1a15c2be0265a18d81df259352feb6 |
| SHA1 | 01c409e2ca6bbabebb79ca6aa1412a06cd457275 |
| SHA256 | 5136a3c0457b9e212b9fb7558d843cb5fe99b0e15c847f327afd973fe4fa7122 |
| SHA512 | 6de5c2954610ea08171dd895c51a388541135fbae6d73713ce9b04f63246e197b512b61b92c8f3ee67217903401c777554cf0a21da9324dcc5951b3c4f21d0bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 56582af7bb374d91291ae0c62509d956 |
| SHA1 | 1e9f77b5f248429af4c93b1975ae3e6875279dd8 |
| SHA256 | 73710309ad277873319c984b3c3ccd33bba6226134440b0e8fedc606c7722ee7 |
| SHA512 | 937c27f6d7e96fefb481cefa1b72c0a6f816dfd3ec07995cab4c252617c5b797870e448a6ec3f01c68c240d4fece52b145e4f1e54ced4f1932890ab3eaca6524 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000081
| MD5 | 008d0ae10f41631bb124d78799baf5bb |
| SHA1 | cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b |
| SHA256 | a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590 |
| SHA512 | e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 2a70931836a2330044c2a9b683acb099 |
| SHA1 | 97ee158818563b2704767734f804e62775ac0ffd |
| SHA256 | cd3fc19821a259c7abbeddc5e9638e11eba2c3d20ef56b1d8b275022d80e34e4 |
| SHA512 | 5bff17ac51a4e28274c4142b2206f4cd8b050a20c0f6bb33352125b8e0db3e961a5ad003c07fd49a603cc554119113be5c7e87f689aac6ad3787ac430d927909 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 197e000b2121627322fcf174067b686c |
| SHA1 | 0ad90edabc9064b1ab9bc131db59e77f14df293a |
| SHA256 | 0416ec34f75b6808d4610fa9190244c059c016ab1acc78162aef88552852f000 |
| SHA512 | 5fe97fc79f9b8654b2f02391609cacd2fb11f67cbdbd2d01f0ebdb2f2b13d5588686ed7a1023eba9d984819617dca508831af5008286b5e570a6f322aa252f45 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001
| MD5 | 3fd11ff447c1ee23538dc4d9724427a3 |
| SHA1 | 1335e6f71cc4e3cf7025233523b4760f8893e9c9 |
| SHA256 | 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed |
| SHA512 | 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bae364123cf18d59a020e2921a9647af |
| SHA1 | 04b59d38b0bf67435b58ac0d29535a3eb0dbd48c |
| SHA256 | f6a2d87a939792bea59703db10f1f8e8095d41fe54280e8eeb7f2bc7d5ac66bd |
| SHA512 | 5fbd37ba350caf16e089f4733b28a5fd09c02fc205219b7a00279154076476d6869eede94c6a88d371df72d4a3af0de4d9dea645ffc96e0cdeddf477d140cb95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 22fbf87d2af4f3cbcc5fe81e23c3a399 |
| SHA1 | 4ed75a80aa47a54630b5251c17f7111084660758 |
| SHA256 | d55198d36e9fc6cf55916c9235517302059b37ab779f74ac3cc6e1d5dbf9e2a6 |
| SHA512 | 5196836d3071697d8e0b46eb0d9d2a391fa49bc850f3a5fa879892bcd55983e764c921bdff44f3c2a067f06d2e30e39e3d4c21a4f62e705a95d25f9d8908990d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 7cf0508812510fdc590bde3ede95436b |
| SHA1 | afda822844652ec696e1faaf155d71fe340c9573 |
| SHA256 | 8ccf2d9d14e88a2e03c6221b16e38cec08c9271bb87ea2be4ded655636761096 |
| SHA512 | 6283179b714339cefa39f8cd66cc0b67fa2b2e1114c02d908bd4eb0501a2bce8ab23e866f86d074287e2ce931de0852ca6ba8c28b553e8c6d56e83f32ecb1773 |
C:\Users\Admin\AppData\Local\Temp\_MEI11082\altgraph-0.17.4.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
memory/1020-1788-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp
memory/5828-1789-0x00007FFCC51C0000-0x00007FFCC562E000-memory.dmp
memory/1020-1792-0x00007FFCDA040000-0x00007FFCDA059000-memory.dmp
memory/1020-1790-0x00007FFCD9F90000-0x00007FFCD9FB4000-memory.dmp
memory/5828-1798-0x00007FFCDD830000-0x00007FFCDD83F000-memory.dmp
memory/1020-1797-0x00007FFCDD8E0000-0x00007FFCDD8ED000-memory.dmp
memory/5828-1796-0x00007FFCD95F0000-0x00007FFCD9614000-memory.dmp
memory/5828-1801-0x00007FFCD95A0000-0x00007FFCD95B9000-memory.dmp
memory/1020-1800-0x00007FFCD95C0000-0x00007FFCD95EE000-memory.dmp
memory/1020-1799-0x00007FFCDA220000-0x00007FFCDA22D000-memory.dmp
memory/5828-1805-0x00007FFCD9580000-0x00007FFCD9599000-memory.dmp
memory/5828-1804-0x00007FFCD94E0000-0x00007FFCD950D000-memory.dmp
memory/5828-1803-0x00007FFCD8E20000-0x00007FFCD8E54000-memory.dmp
memory/1020-1802-0x00007FFCCFA50000-0x00007FFCCFB0C000-memory.dmp
memory/1020-1795-0x00007FFCD9620000-0x00007FFCD9639000-memory.dmp
memory/5828-1809-0x00007FFCCA2B0000-0x00007FFCCA36C000-memory.dmp
memory/5828-1808-0x00007FFCD92B0000-0x00007FFCD92DE000-memory.dmp
memory/5828-1814-0x00007FFCD8D50000-0x00007FFCD8D7B000-memory.dmp
memory/1020-1813-0x00007FFCD8D80000-0x00007FFCD8DAB000-memory.dmp
memory/1020-1812-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp
memory/5828-1807-0x00007FFCD97F0000-0x00007FFCD97FD000-memory.dmp
memory/5828-1806-0x00007FFCD9A90000-0x00007FFCD9A9D000-memory.dmp
memory/1020-1794-0x00007FFCD9800000-0x00007FFCD9834000-memory.dmp
memory/1020-1793-0x00007FFCD9840000-0x00007FFCD986D000-memory.dmp
memory/1020-1791-0x00007FFCDD9A0000-0x00007FFCDD9AF000-memory.dmp
memory/5828-1824-0x00007FFCCA1F0000-0x00007FFCCA2A8000-memory.dmp
memory/5828-1825-0x0000023709130000-0x00000237094A5000-memory.dmp
memory/1020-1829-0x00007FFCC9900000-0x00007FFCC99B8000-memory.dmp
memory/1020-1833-0x00007FFCD9620000-0x00007FFCD9639000-memory.dmp
memory/1020-1832-0x00007FFCC4660000-0x00007FFCC49D5000-memory.dmp
memory/5828-1834-0x00007FFCD8CA0000-0x00007FFCD8CB4000-memory.dmp
memory/5828-1838-0x00007FFCD8D10000-0x00007FFCD8D1B000-memory.dmp
memory/5828-1836-0x00007FFCC97E0000-0x00007FFCC98F8000-memory.dmp
memory/1020-1842-0x00007FFCD2A80000-0x00007FFCD2A94000-memory.dmp
memory/1020-1844-0x00007FFCD8B10000-0x00007FFCD8B1B000-memory.dmp
memory/1020-1845-0x00007FFCD2A50000-0x00007FFCD2A76000-memory.dmp
memory/5828-1847-0x00007FFCCFF80000-0x00007FFCCFFB8000-memory.dmp
memory/1020-1848-0x00007FFCC81E0000-0x00007FFCC82F8000-memory.dmp
memory/5828-1846-0x00007FFCD9580000-0x00007FFCD9599000-memory.dmp
memory/5828-1843-0x00007FFCC8780000-0x00007FFCC88F1000-memory.dmp
memory/5828-1841-0x00007FFCD4550000-0x00007FFCD456F000-memory.dmp
memory/1020-1840-0x00007FFCCFA50000-0x00007FFCCFB0C000-memory.dmp
memory/5828-1839-0x00007FFCD95A0000-0x00007FFCD95B9000-memory.dmp
memory/5828-1869-0x00007FFCCAA80000-0x00007FFCCAA95000-memory.dmp
memory/5828-1868-0x00007FFCCAC60000-0x00007FFCCAC6C000-memory.dmp
memory/5828-1867-0x00007FFCCAC70000-0x00007FFCCAC82000-memory.dmp
memory/5828-1866-0x00007FFCCFA10000-0x00007FFCCFA1D000-memory.dmp
memory/5828-1865-0x00007FFCCFA20000-0x00007FFCCFA2C000-memory.dmp
memory/5828-1864-0x00007FFCCFA30000-0x00007FFCCFA3C000-memory.dmp
memory/5828-1863-0x00007FFCCFA40000-0x00007FFCCFA4B000-memory.dmp
memory/5828-1862-0x00007FFCCFF50000-0x00007FFCCFF5B000-memory.dmp
memory/5828-1861-0x00007FFCCFF60000-0x00007FFCCFF6C000-memory.dmp
memory/5828-1860-0x00007FFCCFF70000-0x00007FFCCFF7C000-memory.dmp
memory/5828-1859-0x00007FFCD0600000-0x00007FFCD060E000-memory.dmp
memory/5828-1858-0x00007FFCD0610000-0x00007FFCD061D000-memory.dmp
memory/5828-1857-0x00007FFCD1870000-0x00007FFCD187C000-memory.dmp
memory/5828-1856-0x00007FFCD1880000-0x00007FFCD188B000-memory.dmp
memory/5828-1855-0x00007FFCD2680000-0x00007FFCD268C000-memory.dmp
memory/5828-1854-0x00007FFCD4590000-0x00007FFCD459B000-memory.dmp
memory/5828-1853-0x00007FFCD5380000-0x00007FFCD538C000-memory.dmp
memory/5828-1852-0x00007FFCD5910000-0x00007FFCD591B000-memory.dmp
memory/5828-1851-0x00007FFCD6F00000-0x00007FFCD6F0B000-memory.dmp
memory/5828-1850-0x00007FFCCA2B0000-0x00007FFCCA36C000-memory.dmp
memory/5828-1849-0x00007FFCD92B0000-0x00007FFCD92DE000-memory.dmp
memory/5828-1837-0x00007FFCD95F0000-0x00007FFCD9614000-memory.dmp
memory/5828-1835-0x00007FFCD45A0000-0x00007FFCD45C6000-memory.dmp
memory/1020-1831-0x00007FFCD9F90000-0x00007FFCD9FB4000-memory.dmp
memory/5828-1830-0x00007FFCD8E10000-0x00007FFCD8E1A000-memory.dmp
memory/1020-1828-0x00007FFCD5390000-0x00007FFCD53BE000-memory.dmp
memory/5828-1827-0x0000023709130000-0x00000237094A5000-memory.dmp
memory/5828-1826-0x00000237094B0000-0x0000023709825000-memory.dmp
memory/5828-1823-0x00007FFCD8B20000-0x00007FFCD8B4E000-memory.dmp
memory/1020-1822-0x00007FFCD8CC0000-0x00007FFCD8CDC000-memory.dmp
memory/1020-1821-0x00007FFCD8D20000-0x00007FFCD8D2A000-memory.dmp
memory/5828-1820-0x00007FFCD8D30000-0x00007FFCD8D4C000-memory.dmp
memory/1020-1819-0x00007FFCD53C0000-0x00007FFCD5402000-memory.dmp
memory/5828-1818-0x00007FFCD5920000-0x00007FFCD5962000-memory.dmp
memory/5828-1817-0x00007FFCC51C0000-0x00007FFCC562E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 555b4ccc52a1abda7e24cc61b28d588a |
| SHA1 | 621f387d9b3d7007ba6c20201f88e60751f8361f |
| SHA256 | c1aca8a0b6df67c1a9249a0d778f4958be398727a22d42f7b0613f2697469b4b |
| SHA512 | d4e2c433a93a274397d595edbc8e493af706366ab17cc37d3c8b31b4692034ff691071152b6d0154a6e6058591f00db66bf25cdf2ebf60a7970de5c0073df372 |
memory/1020-1944-0x00007FFCC4660000-0x00007FFCC49D5000-memory.dmp
memory/1020-1952-0x00007FFCC8D90000-0x00007FFCC8DC8000-memory.dmp
memory/1020-1951-0x00007FFCC5040000-0x00007FFCC51B1000-memory.dmp
memory/1020-1950-0x00007FFCC8DD0000-0x00007FFCC8DEF000-memory.dmp
memory/1020-1949-0x00007FFCC81E0000-0x00007FFCC82F8000-memory.dmp
memory/1020-1948-0x00007FFCD2A50000-0x00007FFCD2A76000-memory.dmp
memory/1020-1947-0x00007FFCD8B10000-0x00007FFCD8B1B000-memory.dmp
memory/1020-1946-0x00007FFCD2A80000-0x00007FFCD2A94000-memory.dmp
memory/1020-1945-0x00007FFCC9900000-0x00007FFCC99B8000-memory.dmp
memory/1020-1928-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp
memory/1020-1943-0x00007FFCD5390000-0x00007FFCD53BE000-memory.dmp
memory/1020-1942-0x00007FFCD8CC0000-0x00007FFCD8CDC000-memory.dmp
memory/1020-1941-0x00007FFCD8D20000-0x00007FFCD8D2A000-memory.dmp
memory/1020-1940-0x00007FFCD53C0000-0x00007FFCD5402000-memory.dmp
memory/5828-2053-0x0000023709130000-0x00000237094A5000-memory.dmp
memory/5828-2060-0x00007FFCCFF80000-0x00007FFCCFFB8000-memory.dmp
memory/5828-2059-0x00007FFCC8780000-0x00007FFCC88F1000-memory.dmp
memory/5828-2058-0x00007FFCD4550000-0x00007FFCD456F000-memory.dmp
memory/5828-2057-0x00007FFCC97E0000-0x00007FFCC98F8000-memory.dmp
memory/5828-2056-0x00007FFCD45A0000-0x00007FFCD45C6000-memory.dmp
memory/5828-2054-0x00007FFCD8CA0000-0x00007FFCD8CB4000-memory.dmp
memory/5828-2036-0x00007FFCC51C0000-0x00007FFCC562E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | cd88d229ebd7dfba69730f436824b4c8 |
| SHA1 | 07f3c6dcd6d8058dcc8320470b8f5092d3b8f1d2 |
| SHA256 | 6357357c4578fa06908477700b043bfb2714c5f35c91daba4924bc9ab176a088 |
| SHA512 | fd9042fad2bd47007a0d4f20d1a859d9799ccb88e3ef5761b3cd34df90a3dc38d9ea58a0939d8d69ebdedae0d6b12d5cb9478451749258f141409ca51a93a1f8 |
memory/864-2358-0x00007FFCD94E0000-0x00007FFCD950E000-memory.dmp
memory/864-2362-0x00007FFCD9E10000-0x00007FFCD9E1A000-memory.dmp
memory/864-2361-0x00007FFCD5920000-0x00007FFCD5962000-memory.dmp
memory/864-2360-0x00007FFCD92B0000-0x00007FFCD92DB000-memory.dmp
memory/864-2359-0x00007FFCCFA50000-0x00007FFCCFB0C000-memory.dmp
memory/864-2349-0x00007FFCC5630000-0x00007FFCC5A9E000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f98703d59565b92994198767308a5e5d |
| SHA1 | 15da40f737ffe14cc8f656c3f90aba657624ca21 |
| SHA256 | 4216e3d877a68c56c217bed9d35de3a3832e2c4a5d9f61fbdaa54aa692f6ef0e |
| SHA512 | 350b6155268e6f9623273afe7518f22eb590734fe59638f0f88d7baefdf1016224407f2159e9178af27764a101850541e909e9bfa9c8d66c0cb6e1ccaaae2ae3 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240611-en
Max time kernel
137s
Max time network
203s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe.xml"
Network
Files
memory/1404-0-0x00007FFAC54D0000-0x00007FFAC54E0000-memory.dmp
memory/1404-1-0x00007FFB054ED000-0x00007FFB054EE000-memory.dmp
memory/1404-2-0x00007FFB05450000-0x00007FFB05645000-memory.dmp
memory/1404-3-0x00007FFB05450000-0x00007FFB05645000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240508-en
Max time kernel
234s
Max time network
272s
Command Line
Signatures
Enumerates physical storage devices
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.pdb
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3608,i,15140928051103392835,1612840580898364401,262144 --variations-seed-version --mojo-platform-channel-handle=4372 /prefetch:8
Network
Files
Analysis: behavioral7
Detonation Overview
Submitted
2024-06-20 19:06
Reported
2024-06-20 19:11
Platform
win10v2004-20240611-en
Max time kernel
140s
Max time network
207s
Command Line
Signatures
Processes
C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
"C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\MetaBuilder\dnlib.xml"
Network
Files
memory/768-0-0x00007FFDB6350000-0x00007FFDB6360000-memory.dmp
memory/768-2-0x00007FFDF62D0000-0x00007FFDF64C5000-memory.dmp
memory/768-1-0x00007FFDF636D000-0x00007FFDF636E000-memory.dmp
memory/768-3-0x00007FFDF62D0000-0x00007FFDF64C5000-memory.dmp