Analysis
max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/01/2025, 19:13
Static task: static1
Behavioral task: behavioral1
Sample: ZcheatersLauncher.rar
Resource: win10v2004-20241007-en
General
Target: ZcheatersLauncher.rar
Size: 30.3MB
MD5: 85d4635425d31ca0302818e965dad655
SHA1: f2c6d0e9f926f084aa296b04f7e05512520ac2cb
SHA256: 46f86218ec0d70374ec8c60b40faf32ef7200bda2b15d503024b7cfe039b3d37
SHA512: 7d9434c11cbeb27ec66a1af87b8cf0d3c51578266e09c44dc38e886a575d753a0da56cbbd36d1ff12edd3d0af93401d31bbd8da06c0c7518ccc6a3b11b5be5c0
SSDEEP: 786432:gR35AkMniMJLJHrPsBDEt6egwa3B++Ic2JleOFgJV:gR35DMDJLJPsBQtW73B+V7i
Malware Config
Signatures
Note on the PID columns below: the sandbox reuses PIDs during the run, so the same number can name different images at different times (3944 appears as both msedge.exe and 7zFM.exe, 6900 as msedge.exe and taskkill.exe, 7868 as tasklist.exe and taskkill.exe, 10104 as msedge.exe and taskkill.exe). Read a PID together with its image name, never on its own.
Uses browser remote debugging (2 TTPs, 64 IoCs)
A browser started with its remote-debugging interface enabled can be driven by another local process over the DevTools protocol, which lets that process control the browser and read sensitive data such as session cookies and saved credentials. Because the live browser hands over cookies it has already decrypted, this route sidesteps the encryption protecting the cookie database on disk.
chrome.exe PIDs (21): 4424, 7976, 7996, 8816, 5256, 5756, 7588, 5340, 7376, 9344, 4000, 8932, 9332, 10232, 5028, 7120, 2344, 5432, 6364, 6688, 6648
msedge.exe PIDs (43): 8748, 5068, 1076, 3776, 6356, 7468, 1280, 6544, 10188, 7084, 3944, 1280, 1852, 5384, 744, 5880, 5748, 6704, 9384, 1128, 6300, 10104, 5720, 10064, 2192, 9000, 8568, 10076, 6900, 7096, 5292, 6588, 8112, 5492, 6468, 7484, 8436, 2308, 4324, 5884, 8716, 2916, 3364
Of these, chrome.exe 5756 and msedge.exe 5748 are the two recorded as launched directly by ZcheatLauncher.exe 2392 (WriteProcessMemory section; that list is capped at 64 entries, so it is not exhaustive).
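The detection a practitioner wants for this signature is on the browser's command line at process creation, not on the browser PID list. The following is an added example, not part of the sandbox report or of the sample: it scans constructed Sysmon-style process-creation records (the field names ProcessId, Image, ParentImage and CommandLine follow Sysmon Event ID 1; the events, paths and the parent name launcher.exe are made up for the example, since the report itself does not record command lines) and flags Chromium-based browsers started with a remote-debugging switch, graded by who launched them.

```python
"""
Flag browser launches that expose the DevTools remote-debugging interface.

Added example, not taken from the sandbox report. Scans simplified Sysmon
Event ID 1 records (key="value" pairs, constructed below) for chrome.exe /
msedge.exe started with --remote-debugging-port / -pipe / -address, which is
what lets another local process drive the browser and pull cookies and
credentials out of the live profile.
"""
import re
from dataclasses import dataclass

BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "chromium.exe"}
# Switches that open the DevTools protocol to another process.
DEBUG_SWITCHES = {"--remote-debugging-port", "--remote-debugging-pipe",
                  "--remote-debugging-address"}
# Switches that usually accompany a scripted rather than interactive launch.
CONTEXT_SWITCHES = {"--headless", "--user-data-dir", "--profile-directory",
                    "--no-first-run", "--remote-allow-origins", "--disable-extensions"}
INTERACTIVE_PARENTS = {"explorer.exe"}   # a human starting the browser

# Constructed sample events (not from the report): paths and PIDs are illustrative.
SAMPLE_EVENTS = [
    # a launcher drives a hidden Chrome over the DevTools port -> high
    'ProcessId=5756 Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'ParentImage="C:\\Users\\Admin\\Desktop\\launcher.exe" '
    'CommandLine="chrome.exe --headless --remote-debugging-port=9222 '
    '--user-data-dir=C:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data"',
    # ordinary user launch, nothing to flag
    'ProcessId=6100 Image="C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    'ParentImage="C:\\Windows\\explorer.exe" CommandLine="msedge.exe --profile-directory=Default"',
    # renderer child of an instrumented browser: skipped, the parent launch is the event
    'ProcessId=6200 Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'ParentImage="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'CommandLine="chrome.exe --type=renderer --remote-debugging-port=9222"',
    # developer started it by hand: debugging port but interactive parent -> low
    'ProcessId=7000 Image="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe" '
    'ParentImage="C:\\Windows\\explorer.exe" CommandLine="chrome.exe --remote-debugging-port=9222"',
    # a script launches Edge over a pipe into a copied profile -> high
    'ProcessId=7100 Image="C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe" '
    'ParentImage="C:\\Windows\\System32\\cmd.exe" '
    'CommandLine="msedge.exe --remote-debugging-pipe --user-data-dir=C:\\Temp\\edge_copy"',
]

@dataclass
class Finding:
    pid: int
    image: str
    parent_image: str
    debug_switches: list
    context_switches: list
    severity: str

def parse_record(line):
    """Split 'key=value' / key="quoted value" pairs into a dict."""
    fields = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|(\S+))', line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def analyse(records):
    findings = []
    for rec in records:
        image = basename(rec.get("Image", ""))
        if image not in BROWSERS:
            continue
        tokens = rec.get("CommandLine", "").split()
        # Switch names only: "--remote-debugging-port=9222" -> "--remote-debugging-port"
        switches = {t.split("=", 1)[0].lower() for t in tokens if t.startswith("--")}
        if "--type" in switches:
            continue           # renderer/gpu/utility child; its parent is the real event
        dbg = sorted(switches & DEBUG_SWITCHES)
        if not dbg:
            continue
        parent = basename(rec.get("ParentImage", ""))
        ctx = sorted(switches & CONTEXT_SWITCHES)
        if parent in INTERACTIVE_PARENTS and not ctx:
            severity = "low"       # plain interactive launch with a debug port
        elif parent in BROWSERS:
            severity = "medium"    # browser relaunching itself
        else:
            severity = "high"      # another program is driving the browser
        findings.append(Finding(int(rec.get("ProcessId", 0)), image, parent, dbg, ctx, severity))
    return findings

def scan(lines):
    return analyse(parse_record(l) for l in lines)

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.severity:6} pid={f.pid} {f.image} parent={f.parent_image} "
              f"debug={f.debug_switches} context={f.context_switches}")
```

The useful part is the grading: a debugging switch on its own is what a web developer types, a debugging switch on a browser whose parent is not Explorer and not the browser itself is what this report shows (ZcheatLauncher.exe 2392 as the parent of chrome.exe 5756 and msedge.exe 5748).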
Event Triggered Execution: Component Object Model Hijacking (1 TTP)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects. No IoCs are attached to this signature in the report; the only COM registrations it records are the DxDiag class registrations written by dxdiag.exe (see Modifies registry class), whose InprocServer32 points at C:\Windows\system32\dxdiagn.dll.
Executes dropped EXE (12 IoCs)
ZcheatLauncher.exe PIDs: 1600, 2392, 3984, 5192, 372, 4708, 2724, 5588, 1820, 5188, 1596, 8364
Note the name: the archive is ZcheatersLauncher.rar, the executable it contains is ZcheatLauncher.exe (no "ers"); match on the latter when hunting.
Loads dropped DLL (64 IoCs)
2392 ZcheatLauncher.exe: 45 load events
5192 ZcheatLauncher.exe: 19 load events
(The report lists each load as a separate entry but does not name the DLLs.)
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history. No file-level IoCs are attached to this signature in the report.
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 13 IoCs)
raw.githubusercontent.com, network flows 54, 55, 61, 76, 79, 100, 103, 105, 109, 113, 116, 184, 193
The report records only the host, not the repository paths fetched. Blocking raw.githubusercontent.com wholesale is rarely practical, so the paths need to be recovered from the capture before this becomes an actionable indicator.
Drops file in System32 directory (64 IoCs)
All 64 events are dxdiag.exe creating .PNF files (SetupAPI's precompiled INF cache) under C:\Windows\System32\DriverStore\FileRepository\, recorded in both Win32 and NT (\??\c:\...) path forms. Distinct files:
  keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF
  machine.inf_amd64_b748590104fe1c15\machine.PNF
  mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF
  input.inf_amd64_adeb6424513f60a2\input.PNF
  usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF
  netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF
  hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF
  msmouse.inf_amd64_1793a485b491b199\msmouse.PNF
Writing these files is a side effect of dxdiag enumerating installed devices, not something the launcher does itself; the observation that matters is that the launcher runs dxdiag.exe at all (cmd.exe 6432 -> dxdiag.exe 6388 under WriteProcessMemory).
Enumerates processes with tasklist (1 TTP, 10 IoCs)
tasklist.exe PIDs: 5900, 1008, 4476, 7868, 2820, 8728, 9744, 5796, 8356, 9952
Suspicious use of NtSetInformationThreadHideFromDebugger (6 IoCs)
ZcheatLauncher.exe PIDs: 2392, 5192, 4708, 5588, 5188, 8364
NtSetInformationThread with the ThreadHideFromDebugger class stops the calling thread from delivering debug events to an attached debugger; it is a common anti-analysis step. These six PIDs are every second entry in the Executes dropped EXE list, matching the parent/child pattern 1600 -> 2392 recorded under WriteProcessMemory: each launch spawns a second ZcheatLauncher.exe, and it is the child that hides from the debugger.
UPX-packed files and memory regions (yara rule: upx, 64 IoCs; heading reconstructed from the rule name, the page lost the signature title)
Dropped files matching the upx rule (behavioral1/files/):
  0x0007000000023d79-136.dat, 0x0007000000023d54-142.dat, 0x0007000000023d75-148.dat, 0x0007000000023d52-151.dat, 0x0007000000023d57-153.dat, 0x0007000000023d74-157.dat, 0x0007000000023d76-158.dat, 0x0007000000023d77-159.dat, 0x0007000000023d93-161.dat, 0x0007000000023d94-162.dat, 0x0007000000023d51-163.dat, 0x0007000000023d53-164.dat, 0x0007000000023d55-165.dat, 0x0007000000023d56-166.dat, 0x0007000000023d58-167.dat, 0x0007000000023d59-168.dat, 0x0007000000023d5a-169.dat, 0x0007000000023d5d-172.dat, 0x0007000000023d5e-173.dat, 0x0007000000023d5c-174.dat, 0x0007000000023d7d-176.dat, 0x0007000000023d5b-178.dat, 0x0007000000023d9b-1463.dat, 0x0007000000023d64-1466.dat, 0x0007000000023d65-1468.dat, 0x0007000000023d97-1477.dat, 0x0007000000023d7c-1478.dat, 0x0007000000023d7b-1482.dat
Memory regions of PID 2392 (ZcheatLauncher.exe) matching the upx rule, from behavioral1/memory/2392-<snapshot>-<start>-<end>-memory.dmp, ordered by snapshot:
  140: 0x00007FFC50F30000-0x00007FFC5139E000
  147: 0x00007FFC50EE0000-0x00007FFC50F04000
  150: 0x00007FFC63A30000-0x00007FFC63A3F000
  154: 0x00007FFC50EC0000-0x00007FFC50ED9000
  156: 0x00007FFC50E90000-0x00007FFC50EBD000
  175: 0x00007FFC50E70000-0x00007FFC50E89000
  177: 0x00007FFC63970000-0x00007FFC6397D000
  179: 0x00007FFC638C0000-0x00007FFC638CD000
  181: 0x00007FFC50E50000-0x00007FFC50E64000
  183: 0x00007FFC50AD0000-0x00007FFC50E47000
  187: 0x00007FFC50F30000-0x00007FFC5139E000
  188: 0x00007FFC50AA0000-0x00007FFC50ACE000
  189: 0x00007FFC509E0000-0x00007FFC50A97000
  190: 0x00007FFC50EE0000-0x00007FFC50F04000
  192: 0x00007FFC63A30000-0x00007FFC63A3F000
  193: 0x00007FFC509A0000-0x00007FFC509D4000
  364: 0x0000000070A00000-0x0000000070B32000
  1459: 0x00007FFC5E0B0000-0x00007FFC5E0CF000
  1460: 0x00007FFC52540000-0x00007FFC526A9000
  1461: 0x00007FFC50E70000-0x00007FFC50E89000
  1464: 0x00007FFC524B0000-0x00007FFC52537000
  1469: 0x00007FFC637B0000-0x00007FFC637BB000
  1470: 0x00007FFC50E50000-0x00007FFC50E64000
  1471: 0x00007FFC52480000-0x00007FFC524A7000
  1473: 0x00007FFC50AD0000-0x00007FFC50E47000
  1474: 0x00007FFC52360000-0x00007FFC52478000
  1479: 0x00007FFC52330000-0x00007FFC5235C000
  1483: 0x00007FFC509E0000-0x00007FFC50A97000
  1484: 0x00007FFC522F0000-0x00007FFC52321000
  1502: 0x00007FFC521F0000-0x00007FFC521FC000
  1503: 0x00007FFC521E0000-0x00007FFC521EB000
  1504: 0x00007FFC521D0000-0x00007FFC521DD000
  1505: 0x00007FFC521B0000-0x00007FFC521C2000
  1506: 0x00007FFC521A0000-0x00007FFC521AC000
  1507: 0x00007FFC52200000-0x00007FFC52237000
  1508: 0x0000000070A00000-0x0000000070B32000
All regions but one lie in the 0x00007FFC... range typical of 64-bit image mappings; the exception, 0x70A00000-0x70B32000 (snapshots 364 and 1508), sits below 4 GB and is worth inspecting first in the dump.
Checks SCSI registry key(s) (3 TTPs, 18 IoCs)
SCSI device information is often read to detect sandboxing environments, because the vendor/product strings expose the hypervisor (here the CD-ROM reports Ven_QEMU, Prod_QEMU_DVD-ROM).
All 18 operations are by dxdiag.exe under \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\:
  Key opened    Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 (3 times)
  Value queried Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID (3 times)
  Value queried Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs (3 times)
  Key opened    CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 (3 times)
  Value queried CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID (3 times)
  Value queried CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs (3 times)
Caveat: dxdiag.exe enumerates every storage device as part of its normal report, so these reads are expected for the tool. Whether ZcheatLauncher.exe parses the dxdiag output for hypervisor strings is not visible in this report; the launcher's handling of that output is what an analyst needs to inspect before calling this sandbox evasion.
Kills process with taskkill (38 IoCs)
taskkill.exe PIDs: 6240, 7476, 4060, 7868, 10104, 6136, 7448, 8268, 5408, 2280, 9976, 6192, 7464, 6896, 1768, 8224, 7444, 9632, 7836, 5808, 8720, 10140, 3320, 8204, 7264, 2584, 8216, 1756, 6124, 3728, 10056, 6432, 8508, 7476, 6920, 6900, 9268, 6340
The report does not record the taskkill command lines, so the targets are unknown here. Thirty-eight invocations next to the browser remote-debugging signature would fit terminating a user's running browser so it can be relaunched with a debugging port, but that has to be confirmed from the command lines, not assumed.
Modifies registry class (64 IoCs)
All 64 events are dxdiag.exe registering the DxDiag COM classes under \REGISTRY\MACHINE\SOFTWARE\Classes\ (most keys are created or set several times). Distinct keys and values:
  CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}: InprocServer32 = "C:\Windows\system32\dxdiagn.dll", InprocServer32\ThreadingModel = "Apartment", ProgID = "DxDiag.DxDiagClassObject.1", VersionIndependentProgID = "DxDiag.DxDiagClassObject", ForceRemove = "Programmable"
  CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}: key created, with InprocServer32, ProgID and VersionIndependentProgID subkeys (no values recorded)
  DxDiag.DxDiagClassObject and DxDiag.DxDiagClassObject.1: default = "DxDiagClassObject Class"; CLSID = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}"; CurVer = "DxDiag.DxDiagClassObject.1"
  DxDiag.DxDiagProvider and DxDiag.DxDiagProvider.1: default = "DxDiagProvider Class"; CLSID subkeys created (no values recorded); CurVer = "DxDiag.DxDiagClassObject.1"
  Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4050598569-1597076380-177084960-1000\{0BF0846C-BA66-4EC3-ADC4-109BD4A643AA} and ...\{CF20064A-1E93-49E0-92CE-E76913593E60}: keys created
  CLSID: key created
This is the standard self-registration of the DxDiag provider (the server path is the Microsoft DLL in System32), attributed to dxdiag.exe by the sandbox's registry monitor; it is not a change made by the launcher. A COM hijack would look different: a CLSID written under HKCU\Software\Classes (which takes precedence over HKLM for the user) or an InprocServer32 pointing at a user-writable path.
Suspicious behavior: EnumeratesProcesses (62 IoCs)
dxdiag.exe PIDs (2 events each): 6388, 6556, 7444, 4640, 6544
msedge.exe PIDs (2 events each): 4392, 4048, 5840, 3668, 3164, 1696, 8012, 2828, 3792, 7336, 8060, 3168, 7964, 1660, 9812, 7412, 1008, 6832, 8056, 9540, 8128, 8116, 9644, 8072, 6900, 8604
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
3944 7zFM.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
3944 7zFM.exe: SeRestorePrivilege, 35, SeSecurityPrivilege
6476 WMIC.exe (the same 21 privileges enabled twice): SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36
5900 tasklist.exe: SeDebugPrivilege
5796 tasklist.exe: SeDebugPrivilege
5756 chrome.exe: SeShutdownPrivilege and SeCreatePagefilePrivilege, alternating, 8 times each
6656 WMIC.exe: SeIncreaseQuotaPrivilege (the list stops here at the 64-entry cap)
The numeric entries (33 to 36) are privilege LUIDs the report did not resolve to names. WMIC enabling every privilege in its token at start-up and tasklist enabling SeDebugPrivilege are those tools' normal behaviour, so this section does not show the launcher escalating privileges; it shows the launcher running wmic and tasklist through cmd.exe (6528 -> 6476 and 5948 -> 5900, 5856 -> 5796 under WriteProcessMemory), with a second WMIC instance, 6656, later in the run.
Suspicious use of FindShellTrayWindow (4 IoCs)
3944 7zFM.exe (3 events), 1504 NOTEPAD.EXE
7zFM.exe is the 7-Zip File Manager, the application through which the .rar sample was opened in the sandbox; neither it nor Notepad is part of the sample.
Suspicious use of SetWindowsHookEx (5 IoCs)
dxdiag.exe PIDs: 6388, 6556, 7444, 4640, 6544
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 1600 wrote to memory of 2392 1600 ZcheatLauncher.exe 98
PID 1600 wrote to memory of 2392 1600 ZcheatLauncher.exe 98
PID 2392 wrote to memory of 5024 2392 ZcheatLauncher.exe 100
PID 2392 wrote to memory of 5024 2392 ZcheatLauncher.exe 100
PID 2392 wrote to memory of 6528 2392 ZcheatLauncher.exe 102
PID 2392 wrote to memory of 6528 2392 ZcheatLauncher.exe 102
PID 6528 wrote to memory of 6476 6528 cmd.exe 104
PID 6528 wrote to memory of 6476 6528 cmd.exe 104
PID 2392 wrote to memory of 6432 2392 ZcheatLauncher.exe 105
PID 2392 wrote to memory of 6432 2392 ZcheatLauncher.exe 105
PID 6432 wrote to memory of 6388 6432 cmd.exe 107
PID 6432 wrote to memory of 6388 6432 cmd.exe 107
PID 2392 wrote to memory of 5948 2392 ZcheatLauncher.exe 109
PID 2392 wrote to memory of 5948 2392 ZcheatLauncher.exe 109
PID 5948 wrote to memory of 5904 5948 cmd.exe 111
PID 5948 wrote to memory of 5904 5948 cmd.exe 111
PID 5948 wrote to memory of 5900 5948 cmd.exe 112
PID 5948 wrote to memory of 5900 5948 cmd.exe 112
PID 2392 wrote to memory of 5856 2392 ZcheatLauncher.exe 113
PID 2392 wrote to memory of 5856 2392 ZcheatLauncher.exe 113
PID 5856 wrote to memory of 5796 5856 cmd.exe 115
PID 5856 wrote to memory of 5796 5856 cmd.exe 115
PID 2392 wrote to memory of 5756 2392 ZcheatLauncher.exe 116
PID 2392 wrote to memory of 5756 2392 ZcheatLauncher.exe 116
PID 2392 wrote to memory of 5748 2392 ZcheatLauncher.exe 117
PID 2392 wrote to memory of 5748 2392 ZcheatLauncher.exe 117
PID 5756 wrote to memory of 5724 5756 chrome.exe 118
PID 5756 wrote to memory of 5724 5756 chrome.exe 118
PID 5748 wrote to memory of 5700 5748 msedge.exe 119
PID 5748 wrote to memory of 5700 5748 msedge.exe 119
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
PID 5756 wrote to memory of 2296 5756 chrome.exe 120
Processes
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\ZcheatersLauncher.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3944
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1548
-
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2392 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:5024
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"3⤵
- Suspicious use of WriteProcessMemory
PID:6528 -
C:\Windows\System32\Wbem\WMIC.exewmic /locale:ms_409 path win32_videocontroller get caption4⤵
- Suspicious use of AdjustPrivilegeToken
PID:6476
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314103_7298.txt"3⤵
- Suspicious use of WriteProcessMemory
PID:6432 -
C:\Windows\system32\dxdiag.exedxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314103_7298.txt4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "chcp 65001 > nul && tasklist"3⤵
- Suspicious use of WriteProcessMemory
PID:5948 -
C:\Windows\system32\chcp.comchcp 650014⤵PID:5904
-
-
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5900
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FI "IMAGENAME eq firefox.exe""3⤵
- Suspicious use of WriteProcessMemory
PID:5856 -
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq firefox.exe"4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:5796
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8610 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5756 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:5724
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1460,i,15573210741812493261,13090271585752724567,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1452 /prefetch:24⤵PID:2296
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1760,i,15573210741812493261,13090271585752724567,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1756 /prefetch:34⤵PID:5404
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8472 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
- Suspicious use of WriteProcessMemory
PID:5748 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc508346f8,0x7ffc50834708,0x7ffc508347184⤵PID:5700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1184,15748232815509986217,7727013748078483847,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1556 /prefetch:24⤵PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1184,15748232815509986217,7727013748078483847,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1860 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8472 --allow-pre-commit-input --field-trial-handle=1184,15748232815509986217,7727013748078483847,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2072 /prefetch:14⤵PID:4520
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8741 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:6364 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:6304
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1488,i,14652953921047556843,5314253442959750077,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:24⤵PID:6152
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1880,i,14652953921047556843,5314253442959750077,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:34⤵PID:5988
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8261 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:6900 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc508346f8,0x7ffc50834708,0x7ffc508347184⤵PID:6912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,4730021345737464955,12941189434199793603,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1468 /prefetch:24⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,4730021345737464955,12941189434199793603,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1908 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8261 --allow-pre-commit-input --field-trial-handle=1460,4730021345737464955,12941189434199793603,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2024 /prefetch:14⤵
- Uses browser remote debugging
PID:1280
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8727 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:7120 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:7052
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1468,i,11008200998185835637,8069358949946713071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1460 /prefetch:24⤵PID:1540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1680,i,11008200998185835637,8069358949946713071,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1676 /prefetch:34⤵PID:1752
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8472 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:6544 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc508346f8,0x7ffc50834708,0x7ffc508347184⤵PID:4420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1456,6076249491643952817,6522417907455269894,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1492 /prefetch:24⤵PID:664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1456,6076249491643952817,6522417907455269894,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1780 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:3668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8472 --allow-pre-commit-input --field-trial-handle=1456,6076249491643952817,6522417907455269894,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2024 /prefetch:14⤵
- Uses browser remote debugging
PID:7096
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8941 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:6648 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:6628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1512,i,12566205277090000809,7195866462642577517,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1504 /prefetch:24⤵PID:5056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1896,i,12566205277090000809,7195866462642577517,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1892 /prefetch:34⤵PID:6104
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8802 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵PID:3668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:5980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1072,8908570471719204668,9701909389607696463,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1528 /prefetch:24⤵PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1072,8908570471719204668,9701909389607696463,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1880 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8802 --allow-pre-commit-input --field-trial-handle=1072,8908570471719204668,9701909389607696463,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1904 /prefetch:14⤵
- Uses browser remote debugging
PID:4324
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8324 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:2344 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:6964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1460,i,2749652800782133127,9224351448344403935,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1452 /prefetch:24⤵PID:8096
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1872,i,2749652800782133127,9224351448344403935,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:34⤵PID:6208
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8569 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:1076 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:7028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1516,754005603821864089,8311350947531608595,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1528 /prefetch:24⤵PID:6388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1516,754005603821864089,8311350947531608595,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1904 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8569 --allow-pre-commit-input --field-trial-handle=1516,754005603821864089,8311350947531608595,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2036 /prefetch:14⤵PID:3612
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8910 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:8932 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:8980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1524,i,10423331847866217433,10212921781207653587,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1516 /prefetch:24⤵PID:9124
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1880,i,10423331847866217433,10212921781207653587,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1876 /prefetch:34⤵PID:8916
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8153 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:3712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1492,13878120734052852423,17610186058574751605,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1484 /prefetch:24⤵PID:7748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,13878120734052852423,17610186058574751605,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1884 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:7412
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8153 --allow-pre-commit-input --field-trial-handle=1492,13878120734052852423,17610186058574751605,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1996 /prefetch:14⤵PID:8140
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8797 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:8816
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:3972
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1472,i,16194501926854491696,13840785152080798745,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1440 /prefetch:24⤵PID:3624
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1884,i,16194501926854491696,13840785152080798745,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1880 /prefetch:34⤵PID:1328
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8025 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:3944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:3792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1508,8104068904826295051,7651634364659688163,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1516 /prefetch:24⤵PID:9060
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,8104068904826295051,7651634364659688163,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1896 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8128
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8025 --allow-pre-commit-input --field-trial-handle=1508,8104068904826295051,7651634364659688163,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1980 /prefetch:14⤵
- Uses browser remote debugging
PID:2308
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8756 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:7996
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:2408
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8808 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:9000
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:9024
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,5590117022884948210,5995296008652066943,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1512 /prefetch:24⤵PID:7484
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,5590117022884948210,5995296008652066943,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1616 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8604
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8808 --allow-pre-commit-input --field-trial-handle=1500,5590117022884948210,5995296008652066943,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1988 /prefetch:14⤵PID:4192
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\here\LICENSE-KEY.txt1⤵
- Suspicious use of FindShellTrayWindow
PID:1504
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3756
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"1⤵
- Executes dropped EXE
PID:3984
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5192
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:3008
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"3⤵PID:6736
C:\Windows\System32\Wbem\WMIC.exewmic /locale:ms_409 path win32_videocontroller get caption4⤵
- Suspicious use of AdjustPrivilegeToken
PID:6656
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314119_7230.txt"3⤵PID:6612
C:\Windows\system32\dxdiag.exedxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314119_7230.txt4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6556
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "chcp 65001 > nul && tasklist"3⤵PID:2340
C:\Windows\system32\chcp.comchcp 650014⤵PID:3488
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
PID:1008
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FI "IMAGENAME eq firefox.exe""3⤵PID:4656
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq firefox.exe"4⤵
- Enumerates processes with tasklist
PID:4476
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:4780
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:6124
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:1216
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:6136
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8854 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:2916
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffc508346f8,0x7ffc50834708,0x7ffc508347184⤵PID:2884
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1484,15899017034988801100,7816592530969622407,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1492 /prefetch:24⤵PID:5784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,15899017034988801100,7816592530969622407,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1836 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:5840
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8854 --allow-pre-commit-input --field-trial-handle=1484,15899017034988801100,7816592530969622407,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2012 /prefetch:14⤵
- Uses browser remote debugging
PID:6704
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8099 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:4424
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:1740
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1488,i,14283745845422157525,478747361088079740,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:24⤵PID:5632
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1848,i,14283745845422157525,478747361088079740,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:34⤵PID:5776
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:3912
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:5808
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8916 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:6688
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:1240
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1452,i,10037081971901626608,6073233998135709634,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1444 /prefetch:24⤵PID:6456
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1852,i,10037081971901626608,6073233998135709634,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:34⤵PID:1788
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:5344
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:1768
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:5484
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:3728
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8650 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5068
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:1076
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1452,10358135623828427795,12416766125656542998,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1480 /prefetch:24⤵PID:5360
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,10358135623828427795,12416766125656542998,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1920 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:3164
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8650 --allow-pre-commit-input --field-trial-handle=1452,10358135623828427795,12416766125656542998,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2036 /prefetch:14⤵
- Uses browser remote debugging
PID:1280
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:3644
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:6240
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8049 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵PID:6880
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:7024
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1480,i,10988289938524761333,17036130685839345349,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1100 /prefetch:24⤵PID:2964
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=2320,i,10988289938524761333,17036130685839345349,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:34⤵PID:7684
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:8632
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:6900
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:5652
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:8720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8567 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:8748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:8756
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,12213004868516184100,13936045476380908842,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1484 /prefetch:24⤵PID:5748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,12213004868516184100,13936045476380908842,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1844 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:2828
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8567 --allow-pre-commit-input --field-trial-handle=1472,12213004868516184100,13936045476380908842,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2016 /prefetch:14⤵PID:1736
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:8160
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:4060
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8425 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5340
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:2200
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1460,i,3102040918012217595,14430402375479120594,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1452 /prefetch:24⤵PID:7288
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1852,i,3102040918012217595,14430402375479120594,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:34⤵PID:636
-
-
-
- [level 3] C:\Windows\system32\cmd.exe (PID 5132)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 7444)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7084)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8366 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5860)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5344)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1448,11370926041216336341,2379078258710192010,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1468 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7964)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,11370926041216336341,2379078258710192010,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1860 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5880)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8366 --allow-pre-commit-input --field-trial-handle=1448,11370926041216336341,2379078258710192010,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2012 /prefetch:1
  - Uses browser remote debugging
- [level 3] C:\Windows\system32\cmd.exe (PID 5064)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 7868)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
- [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7376)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8713 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1816)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3744)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1464,i,13608431347107466527,6282051977341354925,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1444 /prefetch:2
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7396)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1872,i,13608431347107466527,6282051977341354925,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:3
- [level 3] C:\Windows\system32\cmd.exe (PID 7508)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 7476)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7732)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8220 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6388)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7232)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,14688418491069175738,9038678489050788687,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1500 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6832)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,14688418491069175738,9038678489050788687,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1824 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 8716)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8220 --allow-pre-commit-input --field-trial-handle=1488,14688418491069175738,9038678489050788687,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1948 /prefetch:1
  - Uses browser remote debugging
- [level 3] C:\Windows\system32\cmd.exe (PID 9880)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 9976)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
- [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 9784)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8994 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 8912)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 5812)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1452,i,10529942076558977148,10982077256016163741,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1444 /prefetch:2
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6956)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1848,i,10529942076558977148,10982077256016163741,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:3
- [level 3] C:\Windows\system32\cmd.exe (PID 10164)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 6896)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6468)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8263 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7844)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5488)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1440,3496167440705045052,386197766827809313,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1452 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 9644)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1440,3496167440705045052,386197766827809313,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1864 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 10064)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8263 --allow-pre-commit-input --field-trial-handle=1440,3496167440705045052,386197766827809313,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:1
  - Uses browser remote debugging
- [level 1] C:\Windows\System32\CompPkgSrv.exe (PID 5524)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [level 1] C:\Windows\System32\CompPkgSrv.exe (PID 6724)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [level 1] C:\Windows\System32\CompPkgSrv.exe (PID 5660)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [level 1] C:\Windows\System32\CompPkgSrv.exe (PID 5580)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- [level 1] C:\Users\Admin\Desktop\here\ZcheatLauncher.exe (PID 372)
  Command line: "C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"
  - Executes dropped EXE
- [level 2] C:\Users\Admin\Desktop\here\ZcheatLauncher.exe (PID 4708)
  Command line: "C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
- [level 3] C:\Windows\system32\cmd.exe (PID 2188)
  Command line: C:\Windows\system32\cmd.exe /c "ver"
- [level 3] C:\Windows\system32\cmd.exe (PID 1696)
  Command line: C:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"
- [level 4] C:\Windows\System32\Wbem\WMIC.exe (PID 4368)
  Command line: wmic /locale:ms_409 path win32_videocontroller get caption
- [level 3] C:\Windows\system32\cmd.exe (PID 5748)
  Command line: C:\Windows\system32\cmd.exe /c "dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314144_5283.txt"
- [level 4] C:\Windows\system32\dxdiag.exe (PID 7444)
  Command line: dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314144_5283.txt
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
- [level 3] C:\Windows\system32\cmd.exe (PID 3224)
  Command line: C:\Windows\system32\cmd.exe /c "chcp 65001 > nul && tasklist"
- [level 4] C:\Windows\system32\chcp.com (PID 5304)
  Command line: chcp 65001
- [level 4] C:\Windows\system32\tasklist.exe (PID 7868)
  Command line: tasklist
  - Enumerates processes with tasklist
- [level 3] C:\Windows\system32\cmd.exe (PID 7968)
  Command line: C:\Windows\system32\cmd.exe /c "tasklist /FI "IMAGENAME eq firefox.exe""
- [level 4] C:\Windows\system32\tasklist.exe (PID 2820)
  Command line: tasklist /FI "IMAGENAME eq firefox.exe"
  - Enumerates processes with tasklist
- [level 3] C:\Windows\system32\cmd.exe (PID 8108)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 7448)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
- [level 3] C:\Windows\system32\cmd.exe (PID 7732)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 7476)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7588)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8031 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7580)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4308)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1504,i,8409241454504929203,17262100775508427648,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1496 /prefetch:2
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6712)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,8409241454504929203,17262100775508427648,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:3
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3364)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8121 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5712)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7980)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,8433805433444427839,11499861383461964593,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1492 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 8012)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,8433805433444427839,11499861383461964593,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1840 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1852)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8121 --allow-pre-commit-input --field-trial-handle=1468,8433805433444427839,11499861383461964593,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:1
  - Uses browser remote debugging
- [level 3] C:\Windows\system32\cmd.exe (PID 5440)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 3320)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
- [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6368)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8161 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6204)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6620)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1464,i,4756698957810028769,10634747458949302338,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1460 /prefetch:2
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7252)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,4756698957810028769,10634747458949302338,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:3
- [level 3] C:\Windows\system32\cmd.exe (PID 7036)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 6432)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 10104)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8423 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 10116)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4048)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,15742947949307662569,1981522756850541473,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1492 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,15742947949307662569,1981522756850541473,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1864 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2012)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8423 --allow-pre-commit-input --field-trial-handle=1480,15742947949307662569,1981522756850541473,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1956 /prefetch:1
- [level 3] C:\Windows\system32\cmd.exe (PID 6844)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 5408)
  Command line: taskkill /F /IM msedge.exe
  - Kills process with taskkill
- [level 3] C:\Windows\system32\cmd.exe (PID 2200)
  Command line: C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
- [level 4] C:\Windows\system32\taskkill.exe (PID 1756)
  Command line: taskkill /F /IM chrome.exe
  - Kills process with taskkill
- [level 3] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 8548)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8685 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7272)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 7060)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1488,i,14899705802336017977,17808221845693180472,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:2
- [level 4] C:\Program Files\Google\Chrome\Application\chrome.exe (PID 6220)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1872,i,14899705802336017977,17808221845693180472,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1868 /prefetch:3
- [level 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6300)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8895 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
  - Uses browser remote debugging
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 7664)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 10200)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1508,13215176650961325722,17522806989839286205,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1516 /prefetch:2
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1008)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1508,13215176650961325722,17522806989839286205,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1880 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
- [level 4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 8112)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8895 --allow-pre-commit-input --field-trial-handle=1508,13215176650961325722,17522806989839286205,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2024 /prefetch:1
  - Uses browser remote debugging
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:10024
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:6192
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:4920
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:7464
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8404 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5432
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:4468
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1492,i,17473539154641186827,4165330697961109496,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1488 /prefetch:24⤵PID:5976
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,17473539154641186827,4165330697961109496,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:34⤵PID:5412
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8205 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5492
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:7736
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1512,7844076037138531007,10167689049764976527,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1516 /prefetch:24⤵PID:6952
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,7844076037138531007,10167689049764976527,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1860 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8116
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8205 --allow-pre-commit-input --field-trial-handle=1512,7844076037138531007,10167689049764976527,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2004 /prefetch:14⤵
- Uses browser remote debugging
PID:744
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"1⤵
- Executes dropped EXE
PID:2724
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5588
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:6224
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"3⤵PID:3972
C:\Windows\System32\Wbem\WMIC.exewmic /locale:ms_409 path win32_videocontroller get caption4⤵PID:6656
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314146_1010.txt"3⤵PID:3820
C:\Windows\system32\dxdiag.exedxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314146_1010.txt4⤵
- Drops file in System32 directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4640
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "chcp 65001 > nul && tasklist"3⤵PID:8676
C:\Windows\system32\chcp.comchcp 650014⤵PID:8716
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
PID:8728
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FI "IMAGENAME eq firefox.exe""3⤵PID:8412
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq firefox.exe"4⤵
- Enumerates processes with tasklist
PID:8356
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:8300
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:8224
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:8292
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:8216
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8669 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5292
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:5768
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1496,6459268950599991190,5052777510515656663,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1500 /prefetch:24⤵PID:5304
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,6459268950599991190,5052777510515656663,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1848 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:3792
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8669 --allow-pre-commit-input --field-trial-handle=1496,6459268950599991190,5052777510515656663,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:14⤵PID:9060
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8263 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5256
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:5828
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1508,i,6689733330459542726,16170978524718605930,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1500 /prefetch:24⤵PID:5884
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1860,i,6689733330459542726,16170978524718605930,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:34⤵PID:6628
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:8344
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:8268
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8577 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:3776
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:8772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,10146916709788827490,2540736075645326042,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1500 /prefetch:24⤵PID:8272
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,10146916709788827490,2540736075645326042,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1832 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:1660
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8577 --allow-pre-commit-input --field-trial-handle=1480,10146916709788827490,2540736075645326042,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1952 /prefetch:14⤵
- Uses browser remote debugging
PID:7484
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:8196
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:8204
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8965 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:4000
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:1564
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1448,i,13979431357461349378,17444024128662556599,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1452 /prefetch:24⤵PID:5748
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1848,i,13979431357461349378,17444024128662556599,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:34⤵PID:3736
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:5932
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:7836
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8041 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5720
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:5712
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1500,14639311473054379833,12663438411687462737,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1508 /prefetch:24⤵PID:8332
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,14639311473054379833,12663438411687462737,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1868 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8041 --allow-pre-commit-input --field-trial-handle=1500,14639311473054379833,12663438411687462737,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1984 /prefetch:14⤵
- Uses browser remote debugging
PID:8568
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:5664
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:10104
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8811 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:7976
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:7984
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1436,i,7183273055481309119,13066757615437727859,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1444 /prefetch:24⤵PID:8800
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,7183273055481309119,13066757615437727859,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:34⤵PID:3076
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:1300
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:7264
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8604 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:7468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:7740
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1464,6315908334940859621,14387014051516724127,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1476 /prefetch:24⤵PID:6496
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1464,6315908334940859621,14387014051516724127,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1852 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:8072
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8604 --allow-pre-commit-input --field-trial-handle=1464,6315908334940859621,14387014051516724127,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2032 /prefetch:14⤵
- Uses browser remote debugging
PID:2192
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:7072
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:2584
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8621 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:5028
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc584⤵PID:3332
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1492,i,13132886356305167692,5980366419001501217,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1484 /prefetch:24⤵PID:2924
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1852,i,13132886356305167692,5980366419001501217,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:34⤵PID:4064
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"1⤵
- Executes dropped EXE
PID:1820
C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"2⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5188
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:1660
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"3⤵PID:7544
C:\Windows\System32\Wbem\WMIC.exewmic /locale:ms_409 path win32_videocontroller get caption4⤵PID:5052
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "dxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314150_9317.txt"3⤵PID:8436
C:\Windows\system32\dxdiag.exedxdiag /whql:off /t C:\Users\Admin\AppData\Local\Temp\dxdiag_1737314150_9317.txt4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6544
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "chcp 65001 > nul && tasklist"3⤵PID:9676
C:\Windows\system32\chcp.comchcp 650014⤵PID:9728
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
PID:9744
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist /FI "IMAGENAME eq firefox.exe""3⤵PID:9772
C:\Windows\system32\tasklist.exetasklist /FI "IMAGENAME eq firefox.exe"4⤵
- Enumerates processes with tasklist
PID:9952
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"3⤵PID:9992
C:\Windows\system32\taskkill.exetaskkill /F /IM chrome.exe4⤵
- Kills process with taskkill
PID:10140
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"3⤵PID:10000
C:\Windows\system32\taskkill.exetaskkill /F /IM msedge.exe4⤵
- Kills process with taskkill
PID:10056
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8654 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized3⤵
- Uses browser remote debugging
PID:10188
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc541647184⤵PID:10200
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1492,12499563557824502080,8114719755652737721,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1500 /prefetch:24⤵PID:7232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,12499563557824502080,8114719755652737721,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1848 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:7336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8654 --allow-pre-commit-input --field-trial-handle=1492,12499563557824502080,8114719755652737721,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2000 /prefetch:14⤵
- Uses browser remote debugging
PID:6588
-
-
-
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8718 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:10232
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
      PID:5064
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1484,i,12837436978394046420,11460040985550596255,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1476 /prefetch:2
      PID:5272
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,12837436978394046420,11460040985550596255,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:3
      PID:7924
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
    PID:9444
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM msedge.exe
      - Kills process with taskkill
      PID:9632
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
    PID:9496
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM chrome.exe
      - Kills process with taskkill
      PID:8508
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8673 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:8436
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
      PID:9652
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,13881693089989470302,3113597562435066052,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1528 /prefetch:2
      PID:9916
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,13881693089989470302,3113597562435066052,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1856 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:9812
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8673 --allow-pre-commit-input --field-trial-handle=1460,13881693089989470302,3113597562435066052,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2020 /prefetch:1
      - Uses browser remote debugging
      PID:5384
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8164 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
    PID:6068
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
      PID:9688
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1496,i,16187828104092477027,12801313363075523990,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1488 /prefetch:2
      PID:9900
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1796,i,16187828104092477027,12801313363075523990,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3
      PID:9804
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
    PID:1612
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM msedge.exe
      - Kills process with taskkill
      PID:2280
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8900 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:10076
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
      PID:2040
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1504,4324709334450747103,2454639996856987229,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1512 /prefetch:2
      PID:9616
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,4324709334450747103,2454639996856987229,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1596 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:9540
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8900 --allow-pre-commit-input --field-trial-handle=1504,4324709334450747103,2454639996856987229,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2032 /prefetch:1
      - Uses browser remote debugging
      PID:9384
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
    PID:4852
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM chrome.exe
      - Kills process with taskkill
      PID:9268
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8165 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:9332
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
      PID:9228
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1472,i,17711826777070304208,15961212239553924659,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1448 /prefetch:2
      PID:6988
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1844,i,17711826777070304208,15961212239553924659,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1840 /prefetch:3
      PID:2588
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM msedge.exe"
    PID:4928
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM msedge.exe
      - Kills process with taskkill
      PID:6920
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --headless --restore-last-session --remote-debugging-port=8566 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:6356
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc541646f8,0x7ffc54164708,0x7ffc54164718
      PID:6224
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1504,1032513837638425552,8353066031731025508,131072 --disable-features=PaintHolding --headless --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --mojo-platform-channel-handle=1512 /prefetch:2
      PID:8664
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1504,1032513837638425552,8353066031731025508,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --use-gl=swiftshader-webgl --headless --mojo-platform-channel-handle=1876 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
      PID:6900
      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=8566 --allow-pre-commit-input --field-trial-handle=1504,1032513837638425552,8353066031731025508,131072 --disable-features=PaintHolding --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1996 /prefetch:1
      - Uses browser remote debugging
      PID:1128
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "taskkill /F /IM chrome.exe"
    PID:5180
      C:\Windows\system32\taskkill.exe
      taskkill /F /IM chrome.exe
      - Kills process with taskkill
      PID:6340
    C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --headless --restore-last-session --remote-debugging-port=8578 --remote-allow-origins=* "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --profile-directory=Default --start-minimized
    - Uses browser remote debugging
    PID:9344
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5097cc40,0x7ffc5097cc4c,0x7ffc5097cc58
      PID:9264
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --headless --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --field-trial-handle=1460,i,9706707197506926046,15531062491253950014,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1436 /prefetch:2
      PID:8456
      C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --use-angle=swiftshader-webgl --use-gl=angle --headless --field-trial-handle=1852,i,9706707197506926046,15531062491253950014,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1848 /prefetch:3
      PID:7268
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:7808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:7492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:10180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:6452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:7072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:6112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:8160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:7604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:9720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:7152

C:\Users\Admin\Desktop\here\ZcheatLauncher.exe
"C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"
- Executes dropped EXE
PID:1596
  C:\Users\Admin\Desktop\here\ZcheatLauncher.exe
  "C:\Users\Admin\Desktop\here\ZcheatLauncher.exe"
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:8364
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    PID:2140
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic /locale:ms_409 path win32_videocontroller get caption"
    PID:9820
      C:\Windows\System32\Wbem\WMIC.exe
      wmic /locale:ms_409 path win32_videocontroller get caption
      PID:8512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:9856

Network
MITRE ATT&CK Enterprise v15
Persistence
- Event Triggered Execution (1)
  - Component Object Model Hijacking (1)
- Modify Authentication Process (1)
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Modify Authentication Process (1)
- Steal Web Session Cookie (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)
Downloads
-
Filesize
17KB
MD5e339e1c90db3da9c96f9ed037913e273
SHA14796a7050515cfc1cea5fbf1803205a904319670
SHA256a9bab5abdec4db78173e1046b2bf068fe786343b72181cd9cb0b13f65bb49f07
SHA512ba71fb74386bf86493040ef7ca38babdbe01924debb598210189750c6119ac0cb4d017e5e9146dfec2caae3ec9915ba4a747972ed9a5f63a98c81e3b2b0ca6ca
-
Filesize
11KB
MD58d4a3c0c70aaa73d83d5114e5e00219f
SHA1a5729ac0db12d3753bc972d5ece90f78ee36738e
SHA2567f2a6ac48b96312c56692fe427a86346719b7a93ab47c505b34a3ab276455b05
SHA51256ac28e0c6121a7c4c42ce098770cac2302d4f495ac9a77884dee035f1522e0e46de3c53a44b3108baa30df8c20e0c8d143076988ca9b460be46e2c823f21cda
-
Filesize
12KB
MD559e308df7943d6a96869553bdfc6805e
SHA12abf3a473e8b7da2ad1e70cfb75952eade6f5a2b
SHA256d0613d0b66c3ed4fc98fc797058e16dfffb767dcd7f241dc2c6dfd454b720eb6
SHA5125fea2056c4a26dc643cdbc0b9d66cdc11668fd237bf26f29a4a258641de69de1b681caa57d078e03998efbab42be037b52b44178717fe7c83ed4eafb303e6107
-
Filesize
15KB
MD5a0f11a9b809e2642a43870997f69f121
SHA1f67ccb2ed02f7fabdad43b212c5b32608ec51e28
SHA2561506208a8b084d5f17d5137a8ddf42807514a48ba70bb7d897eb9135921677ad
SHA512c2d5c21fa9515727c36e3e0458d276dc72511924a3bf7d669a04064387fc7f8e0016f361ba50dd8a1f14c361028c422422ff39959ebcd7195e1a9ab06636af4c
-
Filesize
20KB
MD5983a9f94f98c270ba51e7a444e0db341
SHA146f448fe59e6a57369aa3b9cea5c2830d421938f
SHA25695191f50114f9fc636c991c84f1f05788e4825452c66f4ebb792d58aeddfc521
SHA5126860592109e186cf9fbd72e89842afeceda5ea8ea6bf38671e5a5059c15758e5ee4ba1472942371c242607e2372a56e48269abcd729d3769a785a6afe0b4c49b
-
Filesize
10KB
MD5555e1006a3f6305e7fae73728362bf1b
SHA171c160e673290c453adfcd5f3269dea6d681d1c3
SHA256c16819b72b1d9b5828ab5bb74a1ba8c4e030357b9eff9e16cd341b6d7861d564
SHA512b98c71b262748e5a9d2e891e0fa36214f5a542e47393eaa4fd5b87dc2ec0561abdce70fe3974bf5d6d4525e776d41b7623d12e1d4dc6d0c5590814c098132f07
-
Filesize
10KB
MD5b1353273389a97a39108593205586436
SHA1f95d9dd414e9dcb68fa30bcdcac4ae8ec3be0221
SHA25617d0286e8e456f98264c4a3b78195d031c6df54436f13c59d3250f7577f31162
SHA51298d2997f78a57130063ca3a1dd4c17643679c9244f1121a2360b8bca57e3d250aae46efea694f217f1cccd6863a6c852a78d2eb72c6e9c203a2348cce01f3ef8
-
Filesize
11KB
MD58d9dbdfef250c6a57de564c69d02f30f
SHA1aaf9bc31afe71733600f47f493b1c836dc953691
SHA256879e7772f7c7ce5c3f5911e92d83e5623f888ba06c29bfe984299d7ff36e882f
SHA5123956f6780d973b94451312280ce412864c3554cf5789dded4d64aca10d2a5cb51a6ef665554be17bba05b44e28ea1303ab706be469361b1b057bf348b5b35eba
-
Filesize
16KB
MD5f01271b15a7bfd59f352e55786efe9bf
SHA184358f77dcb024e2fc350499d81cff998a5cb74b
SHA256535f236cd5e92801a3a9de5e9248f957d181545cc113e96cfb1e14d2f45a20a8
SHA512622c55f6f0dba12d21c7744d5e0261b169cda9419289008bbf15a1ccb5b13d289e2d3e34fb3612432f500018b4258d596a5146d396111a86dd335f285b987247
-
Filesize
17KB
MD56989ca1befd4432d2c25b1480a6d5469
SHA17442d9e07be8cef07752c4fe741eedcde447ab07
SHA256af74dd11c0667a0a59112dcf2397292aebb4536cb5ff92e604d954ea904fec00
SHA5122c5ac91fc151b4e23a5c628835b28a3ee7e156fe7b004d7f3d2ec82c5031bc88f3e99c2a28d09c534e2dda3131628a5aa8df0d97d66ae018add097c385176aba
-
Filesize
9KB
MD55348f3c927bbe53c60430cfb7c3010dc
SHA170631298e879086878ca4ec08bdcb8268b55e7ec
SHA2566b826e92d31104c33651305671ba0fff61a126d227b50d9a65a8d7e77fbb3f31
SHA5122f2e0c825d8c52a7527da3aeb1e46fc8e8b1b2faecfe70df2d83f86660f1991699362bd8ef7321ba869f0a288b058e1fc9604652517fec368ecd164ca8ec266d
-
Filesize
15KB
MD5739882918dd674b0115432d286188e35
SHA15308c42b724e9d65480554e48ed3837d02179e5a
SHA2562ce167493efd87a12639e66dd6a5624ea7a6e334daf030b34a94e09952c4bdaa
SHA512273959a482d27858c26d7e4e000a2c856b368d00abec807565fc21f3185a3999a38ba46460b9113df88b4f9608d2ae71a772c129e1d020fc8c7d894b26172618
-
Filesize
11KB
MD5a50a1e8ab899eb5b3339dd0f18f37b07
SHA19bb62bb618d09c6a32427259c1501b87c5be3a2d
SHA256cb710def6b3eb20045f261e4d998c78f08c89d3b4f087e3f78befbc41a07676a
SHA512ba705debe80ee333e9948aa14904e09dcc56b9347a0560ce625767589d2fbe14a2a64b97be0f5cce0d2edae20746c38e3725878785d6ebe39f94ab00d68e0e1e
-
Filesize
9KB
MD5252b75ce805693c00b3695fcc6e2f387
SHA16d6b8b862e7752f6a55700ddd0bca140581cada2
SHA2564f36b41937dbeb8a44ed33a09ba7144f0532a5dc9f4b35da2f6dfeb1919f60bf
SHA5120296985482572193ae9c94675a3ee94ce734311aa3f26a02708ec77f564335302c6806722293b5c4a1726ddde896f365aa5acfdee58cd3b630cf6425cdbb2741
-
Filesize
11KB
MD55d4384bbdace116adae34919ff1c1de0
SHA1e0e77de7e6bb5162cbfca808510ec6c40960b3e3
SHA256a3e9c1cbcb70a9f55961333db3f71c4dedc7b65b1e23388edef695c7afb0aca8
SHA5123cb7b5a50acc1b2b55cbf4aa73b8f43814251361c82e0e0ce20bf8fd06c7674c86ea55cae20cb16d29fdd8e13cc45a6e8a48034ff3079f46afde8f8b18592a44
-
Filesize
11KB
MD5b8a0d2af79db8e4f7e601c22abe50b62
SHA1fa5fee975ca16ef292a0e1e0e423cda76d70d084
SHA256b06de307bd9523aa231fad57b6afa139c366dd0204a0634972002a828e2ec2a4
SHA5121fb8623467c862a5143eaeb9059b4f3fc237ab2958df4a24ec21e1619544eff279e2f8a3ecf1732fe1f69fc8b8ecca819a60fa86834a8b16ba5155146e393a74
-
Filesize
10KB
MD5f0615042deb75202d2cc057248dbe316
SHA1d800c74be5042f2f961ac9c92ca5dac0f5348425
SHA2561af509f699291591026d16fee9aeaa59f2f0638ae202880b8410bdc4c3b478f7
SHA5124f2eea061884b5992e4a26e2ebcab7d53bcd05d1858d8df46e1846261a6c160dc01540c476401c01e819a6dd4cd4ac3c675c0e71d667a5f22fbf4213fa2582d8
-
Filesize
10KB
MD5c684b4ae37b6123264051a8a36950ac6
SHA1114828a542b04fa148924a3f482f97f1aa8d00d7
SHA256d0231732f6eb062446dff2924c0c5139a4b3fd59a15437b3572bdfe7afee5644
SHA51285ae76b6bde709d83897ab14e7c01699b37e02f680a9f13a93e82e2fe27487c1c00cedfceae0ed39838e461e7792adab0fdaa8beaaad15dddf390612da509d8d
-
Filesize
12KB
MD58f99b29c4d206f0e77c8ac454fc887cf
SHA1498224204fd1c23c86ffe0c6c1c4f9a6fabf314e
SHA256a774be1c0931694801b311f22dd952f1a745fc4716399511c92625be0b32e662
SHA512c6127028b562fc7c617ef97e9a2823e5faae634437992c1d0af2ce2a51852cdbc89216f43a82f6dd360a15bee062241b7f7848b89c5ba9ff0024797817948a0f
-
Filesize
10KB
MD52f771e0971877978b906a92c5646a2b0
SHA1374c9d262ed38794e25f3b7e08791c9fcaaabbee
SHA256ad5fffd35a82c9f53eae9e88dbaf904ec0c604369aeaa614fcc1eaf649a9ff59
SHA51221322227496f3030210c4ccf5d675356faf0dcc5a62245da7943e5c6ef838a745d6f1ccfd25ee0cbfd08f00f0eaf242bca5956da1d5f6930a047a0fb1c477c0d
-
Filesize
13KB
MD5992ace911f83c67829078e3c2ea1de56
SHA1627554c2396d7f6f4139889b80736b5b62c91ec3
SHA256cb915e9f708a5058062549cdce26558592962bcbd6baebbace0b10bb4807ef4a
SHA512208d68a3f33a570114489a9a9fac7777068a9a95f339515a1b229d457c37ab8dd519c3ae8c293286e8d6b6391e3c271d868ecca59ff63cafd7d72e2453a96078
-
Filesize
14KB
MD584dbe5199dfcea58a9db3c062d546808
SHA13836dc212313164c1a6ea67b71b1e07f98e0f555
SHA256fa46c814679d249e4cf27e8675cfa8b6f5b131e06cad0fcfae05be0b618259ca
SHA512b3eede63603cf82a964c06388d22ebb8e336d980bcb1e2642e281d302b0b7cacd492aa4df2109bb125ac348473188df254445261fa93cab01885efe0017620f9
-
Filesize
14KB
MD584a8be1a7357ecfc2b9688872db82bb6
SHA1757d991353f89e1a2df016749c21f033df049cbb
SHA25654cef93ec6993344856493a5f3e29350c81e5ebbd6c5de6f9af76beb5a3930ff
SHA51249e41ac4cddc3368293993a1b41f327cc02e10fbf7701ee230ceee8231588896cbad50590182b2b0018548ba9cc199feff36f765c916aa0501db0ea2ca88be6d
-
Filesize
15KB
MD5b05b994ac964865c2744bbae3ce0b5fe
SHA1fb9d9e61d91a0d3e4a01137901ee4f9ecdb4495a
SHA256d2d457412aa23a692e248d9e0af6117bb1a4bd54f0941089fe9a226ab0d4c1d1
SHA512363a869092dec47bae6f5805eb6064ee629eee8f2ebf996b384fa5c67bbb8ce2b6f7b8c394b453adc0b688bded4883e0804e77cac05d8ec9d95a5709bde90a70
-
Filesize
15KB
MD5d879e8cad21a84c6d9883743a164e15d
SHA14587d5a1752b29e78544e260a20e3bb1aaf7797f
SHA25696d126133ad979a35d843189a16ed007e2018ff1cd78e381739452e61cfc6028
SHA5122f9f6038c063184ada7fd3066690828ae461c24010a011c876cf5c3877920eaa4236477e2303435e6cd2204cc698147bdf9e888c95e89f1d6d31f8e4f26d8e16
-
Filesize
10KB
MD5b0a1cf85345d4b058447e801a947acd6
SHA1a55c2e2ef6e363e9c2c0bd262b0712ec0a6861ca
SHA256a50bd72fa5b39b1d30a73beb05c7fb84cf88aabc718a089396837e87d4550a9f
SHA512261eb9b45967baf662253f5e76e1e9ec660671bd0cd18f72963c20d9b503f91de6b4bd83c27f92819e6d2c5bb59d287f536b1abd970230f66dc94cc553365772
-
Filesize
10KB
MD56ea642b2888dac8985e802638f5b9a29
SHA1955a6929228a5fdf85fe3517513053a6d4543975
SHA25617b49463c21622d2d55f51833a48424e2fd07d91fe3317f38b9729e2c2e8492c
SHA512af361c865a8295f3918e6e39643533a33b094e986633b662027b0145c1c84bf314439817a6972288a3320ed91b2ff378719b2193d409f2eef32a649b16684b3f
-
Filesize
11KB
MD519f0e738975e626fcd1a84db237048d8
SHA1e958848014e7a7ba469350904eda116c048df7e7
SHA256870a288183cdb23dbbad027464eb4a238f188542dddc8bb67b76b72a86866d4c
SHA5129d7f006d4114808b53d6a8fa01b16fee2f2463748cd17db70880c5326b850d9bd44ae5d931e673ee009465fc28b2e759764d93df9ff8db356e1f2aa391839dd3
-
Filesize
11KB
MD587631f68dff433b9001e00a563ae48e2
SHA18660f04816917743d0b81da6d0cc5f9f435d948d
SHA2562790f4a54502ad5ff77264bf7c84cf62028656ce804fc38fc60994fc9493deea
SHA5125fff21b497ddc97ec956ff2550e03b7eaf25deb5d6dd9922f9cea4bf6bf3e2c5b2713d5225c1797f78044b6ab1efa447aa1b6cd5211d87432868dd8e9f6aeac1
-
Filesize
19KB
MD5f8a207e7f263004884fd9acc7bf21c37
SHA15987843888be832580bfdab8c03fec18125e20b3
SHA2568b4a89ff8cc6c45e9ce1a1e114eba787d380cc5e7998ebf9a3b6adca98f50bd8
SHA512cbec8ecc58820d99c1fbbb68f78a8c3cea435e547825dea47ae7900f52080a593ef20f7e47e35ccb51117f4c7285fa3e59b08401360731e91e470afea7ea7aee
-
Filesize
10KB
MD54fd2ef292939d6d942485ad7d99681f1
SHA15f7fb6e0ca068c2a1d13d90a1da97e24f4974515
SHA256fdf68c176ebd15f7f8262e96b8c39296e39d78d7abe2bdf3f39cc8ce7318f510
SHA512e10c4d297ce78aaa18081978670ace11e782df572690374606223119654e4ffd5bed0f1fc69c3f739d5419691c691830b82d31bb54a22e745e0bae35eb04d609
-
Filesize
621KB
MD5a3caffaba1d67c91feb0e6cc69c26bb3
SHA17c48e63d5e9b6ed6c247b8c48a48643ff02dbe7c
SHA256c282f4a6815e3d489a1b5fa7de40d370edafd61fa63d15d95b56f85ef8632b89
SHA512cf94b14a4e895becf97953f59fe0855f7cbeab859506293acfc9030dec95dce64bb62fb4d924217c84374e3973ff82a5478f01a388d2dbc8801c837c315b2f15
-
Filesize
9KB
MD5a032b289d5734d27d6e83ee077f4c51c
SHA1be0480003aa837892cf98ddbaafcf7250ed4f515
SHA25621a743b3b189f20b0abc0ab6ee22305ce39aa8c95005cbf85858aca163000ee1
SHA5128b97ec264a15b8538ab9636c5e8716ade7acad69f5220129b2094bc35d9c0cd3abc3ab2977fb0d49ef4785fe1608936ee1dae2f7421c400cace4b9d38114b8af
-
Filesize
9KB
MD511d3fab9d5575e0c89c7d7095acace75
SHA11269fdb2fce4ad671ca480e021f3cd1ea29e8588
SHA25623c4aa52cee1af91ba35963edc7cbcca28202844b2dc161c5af12f751c6e00be
SHA512d275fb63a4cc4a3e00682361c5dcccd5d7d00b0de0d52a3e9bd5dc336b0dd30117cc2b52e8e00f8959b7e3db70ad0b958414f3323d3d5ce313027b7fb0c5aa6c
-
Filesize
5.8MB
MD5639db7fe67e2e15d069a62c0ef4a971c
SHA1bdbf2517678f9066c4553e6fdace0a366929185c
SHA256760308cf8bedaebc4500049622d08ddcaca0024acbd3b6bdca1618ec48a91597
SHA51283cd3e89ddac3915686bceec25654f0a35fe66a1c27d95bcfd3b44bdc01ded0df9beb525e0604522f61d58183546af63ffdd60f90e5bffd648774169832d2335
-
Filesize
254KB
MD52ce13219f5b6cbd0d706bdbfdea65399
SHA1461ccc51de6fa4bcb386e25504c23f38b2c19e50
SHA25603938ac461ad3aee402b4f02f78c244969a4ffed7a5a7341197995bb95aceb84
SHA512d47a0e7730a386f287048cb3718f14c6b291131e2865a2b3b5e08eb1d616e5da543dd008e68d135e6077095410bec186930f981543d5d930544687f864f27c35
-
Filesize
5KB
MD5526d9ac9d8150602ec9ed8b9f4de7102
SHA1dba2cb32c21c4b0f575e77bbcdd4fa468056f5e3
SHA256d95f491ed418dc302db03804daf9335ce21b2df4704587e6851ef03e1f84d895
SHA512fb13a2f6b64cb7e380a69424d484fc9b8758fa316a7a155ff062bfdacdca8f2c5d2a03898cd099688b1c16a5a0edcecfc42bf0d4d330926b10c3fce9f5238643
-
Filesize
15KB
MD5f15ef7175220c9f59f90bbbaeda16dbd
SHA15367cac8814d7a54e1c0274ff3f651ed5c6fe5d6
SHA25604db3839c853d4164576122b7d5a2bab186536dc8f9a4980385e11cf59946114
SHA512bb0fa967e03d98b9611006df2155bd8ad58a0e8b1a679d636b94ce931d316f18b61b801e018deca90d8e5a35fa744ae8c9e1a36f25c791052008c43af53a8117
-
Filesize
94B
MD5a868f93fcf51c4f1c25658d54f994349
SHA1535c88a10911673deabb7889d365e81729e483a6
SHA2561e7f5bcad669386a11e8ce14e715131c2d402693c3f41d713eb338493c658c45
SHA512ec13cac9df03676640ef5da033e8c2faee63916f27cc27b9c43f0824b98ab4a6ecb4c8d7d039fa6674ef189bdd9265c8ed509c1d80dff610aeb9e081093aeb3d
-
Filesize
197B
MD58c3617db4fb6fae01f1d253ab91511e4
SHA1e442040c26cd76d1b946822caf29011a51f75d6d
SHA2563e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb
SHA51277a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998
-
Filesize
11KB
MD54e168cce331e5c827d4c2b68a6200e1b
SHA1de33ead2bee64352544ce0aa9e410c0c44fdf7d9
SHA256aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe
SHA512f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52
-
Filesize
1KB
MD55ae30ba4123bc4f2fa49aa0b0dce887b
SHA1ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8
SHA256602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb
SHA512ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41
-
Filesize
2.0MB
MD5b568cf26bfe32579dbaed0eda4670b05
SHA143cb4f8bc59ece1927f99bd23009ff9115ad08c8
SHA2560ac4bef68354a5638c52965bdeb15b30de942a42de27bef9651c348dad6d0b62
SHA512b0fe45fdd589ae7278ff031be6e209f059633daf351373f843e86455e05642ee7291510a5f3a6502dca025daf0c2071ea0d757ecf5c07e3359e740e6af19fe22
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\LICENSE
Filesize11KB
MD53b83ef96387f14655fc854ddc3c6bd57
SHA12b8b815229aa8a61e483fb4ba0588b8b6c491890
SHA256cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30
SHA51298f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\METADATA
Filesize4KB
MD598abeaacc0e0e4fc385dff67b607071a
SHA1e8c830d8b0942300c7c87b3b8fd15ea1396e07bd
SHA2566a7b90effee1e09d5b484cdf7232016a43e2d9cc9543bcbb8e494b1ec05e1f59
SHA512f1d59046ffa5b0083a5259ceb03219ccdb8cc6aac6247250cbd83e70f080784391fcc303f7630e1ad40e5ccf5041a57cb9b68adefec1ebc6c31fcf7ffc65e9b7
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\RECORD
Filesize2KB
MD5eb513cafa5226dda7d54afdcc9ad8a74
SHA1b394c7aec158350baf676ae3197bef4d7158b31c
SHA2560d8d3c6eeb9ebbe86cac7d60861552433c329da9ea51248b61d02be2e5e64030
SHA512a0017cfaff47fda6067e3c31775facee4728c3220c2d4bd70def328bd20aa71a343e39da15cd6b406f62311894c518dfcf5c8a4ae6f853946f26a4b4e767924e
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\WHEEL
Filesize91B
MD57d09837492494019ea51f4e97823d79f
SHA17829b4324bb542799494131a270ec3bdad4dedef
SHA2569a0b8c95618c5fe5479cca4a3a38d089d228d6cb1194216ee1ae26069cf5b363
SHA512a0063220ecdd22c3e735acff6de559acf3ac4c37b81d37633975a22a28b026f1935cd1957c0ff7d2ecc8b7f83f250310795eecc5273b893ffab115098f7b9c38
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt
Filesize19B
MD5a24465f7850ba59507bf86d89165525c
SHA14e61f9264de74783b5924249bcfe1b06f178b9ad
SHA25608eddf0fdcb29403625e4acca38a872d5fe6a972f6b02e4914a82dd725804fe0
SHA512ecf1f6b777970f5257bddd353305447083008cebd8e5a27c3d1da9c7bdc3f9bf3abd6881265906d6d5e11992653185c04a522f4db5655ff75eedb766f93d5d48
-
Filesize
1KB
MD57ffb0db04527cfe380e4f2726bd05ebf
SHA15b39c45a91a556e5f1599604f1799e4027fa0e60
SHA25630c23618679108f3e8ea1d2a658c7ca417bdfc891c98ef1a89fa4ff0c9828654
SHA512205f284f3a7e8e696c70ed7b856ee98c1671c68893f0952eec40915a383bc452b99899bdc401f9fe161a1bf9b6e2cea3bcd90615eee9173301657a2ce4bafe14
-
Filesize
2KB
MD5ebea27da14e3f453119dc72d84343e8c
SHA17ceb6dbe498b69abf4087637c6f500742ff7e2b4
SHA25659bac22b00a59d3e5608a56b8cf8efc43831a36b72792ee4389c9cd4669c7841
SHA512a41593939b9325d40cb67fd3f41cd1c9e9978f162487fb469094c41440b5f48016b9a66be2e6e4a0406d6eedb25ce4f5a860ba1e3dc924b81f63ceee3ae31117
-
Filesize
4KB
MD544d352c4997560c7bfb82d9360f5985a
SHA1be58c7b8ab32790384e4e4f20865c4a88414b67a
SHA256783e654742611af88cd9f00bf01a431a219db536556e63ff981c7bd673070ac9
SHA512281b1d939a560e6a08d0606e5e8ce15f086b4b45738ab41ed6b5821968dc8d764cd6b25db6ba562a07018c271abf17a6bc5a380fad05696adf1d11ee2c5749c8
-
Filesize
81B
MD524019423ea7c0c2df41c8272a3791e7b
SHA1aae9ecfb44813b68ca525ba7fa0d988615399c86
SHA2561196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e
SHA51209ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1
-
C:\Users\Admin\AppData\Local\Temp\_MEI18202\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt
Filesize104B
MD56180e17c30bae5b30db371793fce0085
SHA1e3a12c421562a77d90a13d8539a3a0f4d3228359
SHA256ad363505b90f1e1906326e10dc5d29233241cd6da4331a06d68ae27dfbc6740d
SHA51269eae7b1e181d7ba1d3e2864d31e1320625a375e76d3b2fbf8856b3b6515936ace3138d4d442cabde7576fcfbcbb0deed054d90b95cfa1c99829db12a9031e26
-
Filesize
10KB
MD5e0e2cc011fe8bd930912e4fe40fbb14d
SHA1d6dc628284fca73f8427826b9a3e000ba6b56044
SHA2563733e2b05d0f61e88360fa489b70939f19cf5bfa5db7c7ddebeeca32cc37d7c7
SHA5121e140c970eddc029329a6f660963c9875b07cc5ee953ea22b7f995e36c1b9f1afce682ba6a24e3fceea4842633a1df72157f339f3d4d5aaaca8a08f23961956b
-
Filesize
13KB
MD55d2f1b204aee03834a0f5e081ac892fc
SHA112cd7c935282052a1950eebd98dca9ba922cb5d9
SHA256e9bb56341814beaf352668e664677e15369f3758ba6d5203050b20656874179d
SHA5129c4618140d190073893fa3aa4b625e84ccd095896e0c83ef5c80a0681797feeee118d30e865bd9725f4b8841679d914efefffaf522a173be6aaf366c7fd1a542
-
Filesize
197KB
MD5bc066e4dbd9a425bfa63b06ee424030c
SHA1bec70d86f3b180390808bf52c502a50d20fc209e
SHA2566b121db6eda40748767d9324be1177d5ee9f09d6561a2ca0272858d30b805305
SHA512369ef10628cecb95c047bfee76cc86ad2aa6657fc437af7308531d1f0a686fa75f454b1e12e9570ef2c5bfebbf7cb72defa1c777938ae415fc6b181b905fa29b
-
C:\Users\Admin\AppData\Local\Temp\_MEI39842\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER
Filesize4B
MD5365c9bfeb7d89244f2ce01c1de44cb85
SHA1d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1
-
Filesize
141KB
MD5a61b1f6310537c905e0e0b37f3fc965b
SHA12becb413a3e2c9ce0d1974a4c73bd9b01b2ee38c
SHA25631c3c6c429d4552bb62187e824b7ce6dd4b0fb4ba11b4e1a1c203eeac7576c17
SHA512b0b1d96236b3a59aebb6cc42a34431256063ee35e85de4d55fa4fb3ad643cd00d4edac0dd943ec33e18512852d72f2049196fea269f02250ee17bf0bdcf832df
-
Filesize
229B
MD5f986871ebc61451d363ab48f399dee1e
SHA154b5a55b1819f3a22ea267ee6583e622da10be14
SHA25660fc292c44acc5248b1a1df83cb85e18be093b74056192ec428a1472ddb8b33d
SHA512e65d07044922721343d7de98140a7d3385f40be3bf04122995f017497f65be6ea1c4debc38fe45e1ca2495f4e88b3983bf31aa5ddd8509e69cbf60a5ff7a2802
-
Filesize
36B
MD507bc46acf50a079c8fed05def4544370
SHA1086dc41f59d5036141aec32dadb8b85e234a4ed3
SHA25619a035741c750a38fc344e080a3c31319f9aaf85ee28a08dfaa6c9217084dc4d
SHA51202011635975e5e92b67859629e665871cc2c308dc972fe3902ddd2f910df4cbe3a313f7a2adaf30afbc4ecbcf0e897b43ee45a58c8ec81624b75ef58f6503bc6
-
Filesize
19B
MD5122d3f7ae3cda842fa39f895489ea3cc
SHA1b00fe33c793170bc372d823eea929b7ac0cc5308
SHA2560a066d645394f5322857d26ad6b8a827b87292ea70175aa98461f8859411e719
SHA51266f5232039ed4e5d629fec31d6cf08af1fc6b5d2d449b95a13ea34034c78ddedf6890c4fd867edd44644125b6482ff13f505f86b4b88652a0adddc3c73584989
-
Filesize
22B
MD584e950a7708ef522a79d9931a2ae6955
SHA18d8493b417e5e0322f96486f2c2cd8c089cfeed3
SHA2561048527cc96078d6cfb412572dedb7854cfec47a596dea5622dc572ae770c296
SHA51260344904789b7db2c05e351a8ab2f14910f7eac8838a8acae4daa2849900059a4604cc2971635678f0430f88e09d80f095b602c3431001163d73f11c07177b6a