Resubmissions
02-12-2021 12:25
211202-plxbhsbcd7 1001-12-2021 20:47
211201-zk4pbabab6 801-12-2021 17:08
211201-vnszrsebek 1026-11-2021 21:11
211126-z1qsdsabg9 1024-11-2021 20:39
211124-zfk2eagha8 1016-11-2021 05:27
211116-f5hg2acdg7 815-11-2021 06:03
211115-gshspsecdp 815-11-2021 05:57
211115-gnkfqseccr 815-11-2021 05:56
211115-gm6btahcg8 814-11-2021 21:12
211114-z2d5zsdgfq 8Analysis
-
max time kernel
3946s -
max time network
3977s -
platform
windows11_x64 -
resource
win11 -
submitted
01-12-2021 17:08
General
-
Target
DiscordSetup.exe
-
Size
79.1MB
-
MD5
3d99554cc8bdd96ab58483a21d821740
-
SHA1
85389db7e48c563d77cbef27e2f5724cbef4a151
-
SHA256
c6bd3da755f382466610ed96d363e701cf044819b925684896af26b797abaa6d
-
SHA512
be063484581b219ae27f6f515901bde14d03fa76adfe1bd33b9174a5551c719e09946548cd5acae0b5204dd21e6e349707cb06225a6d640a542eb15ec8aae183
Score
10/10
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs
-
Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs
-
Suspicious use of NtCreateUserProcessOtherParentProcess 5 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Modifies Installed Components in the registry 2 TTPs
-
Sets file execution options in registry 2 TTPs
-
Sets service image path in registry 2 TTPs
-
Loads dropped DLL 64 IoCs
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Adds Run key to start application 2 TTPs 11 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Drops file in System32 directory 2 IoCs
-
Suspicious use of NtCreateThreadExHideFromDebugger 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 28 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
-
Checks SCSI registry key(s) 3 TTPs 8 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 24 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 19 IoCs
-
Modifies Control Panel 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 24 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies registry key 1 TTPs 11 IoCs
-
Modifies system certificate store 2 TTPs 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 10 IoCs
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 39 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
System policy modification 1 TTPs 6 IoCs
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 02⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetTimeZoneAutoUpdate 02⤵
- Modifies data under HKEY_USERS
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 02⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetInternetTime 12⤵
-
C:\Windows\system32\SystemSettingsAdminFlows.exe"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC2⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"C:\Users\Admin\AppData\Local\Temp\DiscordSetup.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --squirrel-install 1.0.90033⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x478,0x47c,0x480,0x474,0x484,0x7598820,0x7598830,0x759883c4⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Discord\Update.exeC:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1680,140013293201451313,7099945613876548290,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1700 /prefetch:24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,140013293201451313,7099945613876548290,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:84⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Admin\AppData\Local\Discord\Update.exe --processStart Discord.exe" /f4⤵
- Adds Run key to start application
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\",-1" /f4⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\" --url -- \"%1\"" /f4⤵
- Modifies registry key
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵
-
C:\Windows\System32\WaaSMedicAgent.exeC:\Windows\System32\WaaSMedicAgent.exe 197336ded18d3966a5fbced7cdf6571a 1ZmZbwWy60mrfX09VqzRrQ.0.1.0.3.01⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc1⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\uus\AMD64\MoUsoCoreWorker.exeC:\Windows\uus\AMD64\MoUsoCoreWorker.exe2⤵
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv 1ZmZbwWy60mrfX09VqzRrQ.0.21⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\WaaSMedicAgent.exeC:\Windows\System32\WaaSMedicAgent.exe 197336ded18d3966a5fbced7cdf6571a 1ZmZbwWy60mrfX09VqzRrQ.0.1.0.3.01⤵
- Modifies data under HKEY_USERS
-
C:\Users\Admin\AppData\Local\Discord\Update.exe"C:\Users\Admin\AppData\Local\Discord\Update.exe" --processStart Discord.exe1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeC:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://sentry.io/api/146342/minidump/?sentry_key=384ce4413de74fe0be270abe03b2b35a "--annotation=_companyName=Discord Inc." --annotation=_productName=Discord --annotation=_version=1.0.9003 --annotation=prod=Electron --annotation=ver=13.4.0 --initial-client-data=0x470,0x474,0x478,0x46c,0x47c,0x7598820,0x7598830,0x759883c3⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1672 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f3⤵
- Modifies registry class
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f3⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\",-1" /f3⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe\" --url -- \"%1\"" /f3⤵
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=renderer --autoplay-policy=no-user-gesture-required --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --app-user-model-id=com.squirrel.Discord.Discord --app-path="C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2804 /prefetch:1 --enable-node-leakage-in-renderers3⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /q /d /s /c "C:\Program^ Files\NVIDIA^ Corporation\NVSMI\nvidia-smi.exe"4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe offsets 2748779118164⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper64.exe\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper64.exe offsets 1374389583444⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper64.exe\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper64.exe inject DiscordHook64.dll 0 55724⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe inject DiscordHook.dll 0 8564⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 5572 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_hook-1\discord_hook\2b6f62ed4f4\DiscordHookHelper.exe inject DiscordHook.dll 0 44444⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 4444 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe"\\?\C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\modules\discord_voice-4\discord_voice\capture_helper.exe" 856 d3d12.dll4⤵
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3984 /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3992 /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discordapp.com/handoff?rpc=6463&key=2a70569c-fad1-43aa-a114-4afc121b16f73⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbb0946f8,0x7ffcbb094708,0x7ffcbb0947184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,13548705465259459264,11326175473683666677,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:14⤵
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe query HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord3⤵
- Modifies registry key
-
C:\Windows\SysWOW64\reg.exeC:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "C:\Users\Admin\AppData\Local\Discord\Update.exe --processStart Discord.exe" /f3⤵
- Adds Run key to start application
- Modifies registry key
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe"C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exe" --type=gpu-process --field-trial-handle=1652,9113317415708114879,15354172572374581408,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=880 /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\ImmersiveControlPanel\SystemSettings.exe"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 936 -s 35922⤵
- Program crash
- Checks processor information in registry
- Enumerates system info in registry
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Loads dropped DLL
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.107 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.62 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffccd0346f8,0x7ffccd034708,0x7ffccd0347182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3876 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6056 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6564 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1040 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6788 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6556 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5568 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6748 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5564 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4404 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3680 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4060 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6396 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.PageScreenshotProcessor --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5796 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7572 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9184 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,3170198927186214111,16288616603245565021,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window /prefetch:52⤵
- Enumerates system info in registry
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=96.0.4664.55 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=96.0.1054.34 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd063a740,0x7ffcd063a750,0x7ffcd063a7603⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,9507871376896950428,4583546990303575820,131072 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,9507871376896950428,4583546990303575820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:33⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 408 -p 936 -ip 9361⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.62\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir1100_2051141148\msedgerecovery.exe"C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir1100_2051141148\msedgerecovery.exe" --appguid={56EB18F8-B008-4CBD-B6D2-8C97FE7E9062} --browser-version=92.0.902.62 --sessionid={34de1386-6c3f-456f-b5ab-a0d17fc4847f} --system2⤵
-
C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir1100_2051141148\MicrosoftEdgeUpdateSetup.exe"C:\Program Files (x86)\Microsoft\Edge\MSEdgeRecovery\scoped_dir1100_2051141148\MicrosoftEdgeUpdateSetup.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Temp\EU929B.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU929B.tmp\MicrosoftEdgeUpdate.exe" /install "runtime=true&needsadmin=true" /installsource chromerecovery /silent4⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc5⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver5⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.151.27\MicrosoftEdgeUpdateComRegisterShell64.exe"6⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTEuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QkY3MzZGODUtNzc2RS00QzRFLThGMzctNjIzMDRGQTdGMDhDfSIgdXNlcmlkPSJ7QzAyN0NGQzYtNTc0Qi00MDkzLTlFRjktRjc4NTk4QkNFN0NDfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0iezlFNzkyNjlBLUM1MUQtNDNCNy05NkMzLTIwQkIyODRFMDJCN30iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjAiIHNzZTQxPSIwIiBzc2U0Mj0iMCIgYXZ4PSIwIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuMTAwIiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iIiBuZXh0dmVyc2lvbj0iMS4zLjE1MS4yNyIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgaW5zdGFsbF90aW1lX21zPSIxMjczIi8-PC9hcHA-PC9yZXF1ZXN0Pg5⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /machine /installsource chromerecovery3⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core3⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3A9A92D-2FF1-4B8D-8765-056C3AD7A806}\MicrosoftEdgeUpdateSetup_X86_1.3.153.53.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{A3A9A92D-2FF1-4B8D-8765-056C3AD7A806}\MicrosoftEdgeUpdateSetup_X86_1.3.153.53.exe" /update /sessionid "{26A1C3B2-7E93-4596-96AE-8AF482CE0E7D}"2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Temp\EU1A2A.tmp\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\Temp\EU1A2A.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{26A1C3B2-7E93-4596-96AE-8AF482CE0E7D}"3⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.153.53\MicrosoftEdgeUpdateComRegisterShell64.exe"5⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTMuNTMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjZBMUMzQjItN0U5My00NTk2LTk2QUUtOEFGNDgyQ0UwRTdEfSIgdXNlcmlkPSJ7QzAyN0NGQzYtNTc0Qi00MDkzLTlFRjktRjc4NTk4QkNFN0NDfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QUYwNjMwOUQtOUNBQy00QzYzLUI3MzAtQTA2MDMwNTFFMENEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMCIgc3NlNDE9IjAiIHNzZTQyPSIwIiBhdng9IjAiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC4xMDAiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTUxLjI3IiBuZXh0dmVyc2lvbj0iMS4zLjE1My41MyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjaHJvbWVyZWMzPTIwMjE0OFIiIGluc3RhbGxhZ2U9IjExOCIgaW5zdGFsbGRhdGV0aW1lPSIxNjI4MTIxMzE2IiBjb2hvcnQ9InJyZkAwLjA5Ij48ZXZlbnQgZXZlbnR0eXBlPSIzIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PC9hcHA-PC9yZXF1ZXN0Pg4⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTEuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjZBMUMzQjItN0U5My00NTk2LTk2QUUtOEFGNDgyQ0UwRTdEfSIgdXNlcmlkPSJ7QzAyN0NGQzYtNTc0Qi00MDkzLTlFRjktRjc4NTk4QkNFN0NDfSIgaW5zdGFsbHNvdXJjZT0iY2hyb21lcmVjb3ZlcnkiIHJlcXVlc3RpZD0iezNCMDc4ODYxLUYxQUItNDc5RS04MzM3LTI0MUI0MTYxMTI4MX0iIGRlZHVwPSJjciIgZG9tYWluam9pbmVkPSIwIj48aHcgbG9naWNhbF9jcHVzPSIyIiBwaHlzbWVtb3J5PSI0IiBkaXNrX3R5cGU9IjIiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjAiIHNzZTQxPSIwIiBzc2U0Mj0iMCIgYXZ4PSIwIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMjIwMDAuMTAwIiBzcD0iIiBhcmNoPSJ4NjQiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSJEQURZIiBwcm9kdWN0X25hbWU9IlN0YW5kYXJkIFBDIChRMzUgKyBJQ0g5LCAyMDA5KSIvPjxleHAgZXRhZz0iJnF1b3Q7cjQ1MnQxK2syVGdxL0hYemp2Rk5CUmhvcEJXUjlzYmpYeHFlVURIOXVYMD0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE1MS4yNyIgbmV4dHZlcnNpb249IjEuMy4xNTMuNTMiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY2hyb21lcmVjMz0yMDIxNDhSIiBpbnN0YWxsYWdlPSIxMTgiIGNvaG9ydD0icnJmQDAuMDkiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hMWQ0MjdlNi00ZjdhLTQzNTQtYmQwMC0wNjAwMmEwZTE5OGM_UDE9MTYzODk4NDE2NCZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1rWmFKeGhyMiUyZlY5c2k2STE4S3JYM2ZLQmNQMDQ5MGlZaEVMSTcxYVZlSWY5R3NnWEZWeEhHSmhLNG8wNFMwOE1pRzZoZFYxaDB2JTJmZ0txJTJmbmhjdXB1ZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgZG93bmxvYWRlZD0iMTc3OTYxNiIgdG90YWw9IjE3Nzk2MTYiIGRvd25sb2FkX3RpbWVfbXM9IjM4NiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzb3VyY2VfdXJsX2luZGV4PSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48cGluZyByPSIxMTkiIHJkPSI1MzI5IiBwaW5nX2ZyZXNobmVzcz0ie0JCRUM0NUNBLUE2Q0EtNEEzNi05ODRFLTQ1RThCNjU0QzFGMX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjIiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBsYXN0X2xhdW5jaF90aW1lPSIxMzI4Mjg1MjM5NzM4MjI3NiI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjEyOCIgcj0iMTE5IiBhZD0iNTMyMCIgcmQ9IjUzMjkiIHBpbmdfZnJlc2huZXNzPSJ7MDZCNzg4OEEtQzcwMS00MkMyLTk5REEtNUZGRjhFNDU0NzE0fSIvPjwvYXBwPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42MiIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGNvaG9ydD0icnJmQDAuNDIiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMjcxNzQ1OTE1MDg5NTYyIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMCIgcj0iMTE5IiByZD0iNTMyOSIgcGluZ19mcmVzaG5lc3M9IntFODY1RENDMS1CRDI1LTQyODYtODZFNS0xNzFDNjc2MjkyMEV9Ii8-PC9hcHA-PC9yZXF1ZXN0Pg2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Loads dropped DLL
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core3⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc1⤵
- Drops file in Program Files directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E7D27C3-B524-4F5D-A8E1-87882DB9AAEC}\MicrosoftEdge_X64_96.0.1054.34.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E7D27C3-B524-4F5D-A8E1-87882DB9AAEC}\MicrosoftEdge_X64_96.0.1054.34.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E7D27C3-B524-4F5D-A8E1-87882DB9AAEC}\EDGEMITMP_3842B.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E7D27C3-B524-4F5D-A8E1-87882DB9AAEC}\EDGEMITMP_3842B.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E7D27C3-B524-4F5D-A8E1-87882DB9AAEC}\EDGEMITMP_3842B.tmp\MSEDGE.PACKED.7Z" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable3⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{438C4753-703B-4B5D-AAFE-5B4F22BB2E9C}\MicrosoftEdge_X64_96.0.1054.34.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{438C4753-703B-4B5D-AAFE-5B4F22BB2E9C}\MicrosoftEdge_X64_96.0.1054.34.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{438C4753-703B-4B5D-AAFE-5B4F22BB2E9C}\EDGEMITMP_E4CBF.tmp\setup.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{438C4753-703B-4B5D-AAFE-5B4F22BB2E9C}\EDGEMITMP_E4CBF.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{438C4753-703B-4B5D-AAFE-5B4F22BB2E9C}\EDGEMITMP_E4CBF.tmp\MSEDGE.PACKED.7Z" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level3⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNTMuNTMiIHNoZWxsX3ZlcnNpb249IjEuMy4xNDMuNTciIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7OEU0MDY5MEItN0VCNy00NzAxLTk1MDUtN0Y0MTcyMDNCQjMxfSIgdXNlcmlkPSJ7QzAyN0NGQzYtNTc0Qi00MDkzLTlFRjktRjc4NTk4QkNFN0NDfSIgaW5zdGFsbHNvdXJjZT0iY29yZSIgcmVxdWVzdGlkPSJ7QzEwNDU0MjAtNjQ2NS00MTU1LTlDMzktMzc3Q0UxRTYzMjM2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMCIgc3NlNDE9IjAiIHNzZTQyPSIwIiBhdng9IjAiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC4xMDAiIHNwPSIiIGFyY2g9Ing2NCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTUzLjUzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNocm9tZXJlYzM9MjAyMTQ4UiIgaW5zdGFsbGFnZT0iMTE4IiBjb2hvcnQ9InJyZkAwLjA5Ij48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI1NDQ4IiBwaW5nX2ZyZXNobmVzcz0ie0I1MEZCQjk2LTkzMzMtNERCRS1BNzM3LUFCOTBFMUU2OTM0Nn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7NTZFQjE4RjgtQjAwOC00Q0JELUI2RDItOEM5N0ZFN0U5MDYyfSIgdmVyc2lvbj0iOTIuMC45MDIuNjIiIG5leHR2ZXJzaW9uPSI5Ni4wLjEwNTQuMzQiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgbGFzdF9sYXVuY2hfdGltZT0iMTMyODI4NTIzOTczODIyNzYiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2UzZTc2NTg3LTA2OTktNDQ4ZS1iZjAzLTU0ZTg5MmEzZmEwMz9QMT0xNjM4OTg0MjE0JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUxQY3BxaU5PRHdpaFlyeXdLY3VWb3RUOFBxcGxxR3hqU29zeWFHNGNuTzVDczhmVUdzYzZReFIlMmIxRCUyYlZ3WVB3czRWSDJzZ2RjWlU1cDE2TDhiN0x6ZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjQiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmIudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvZTNlNzY1ODctMDY5OS00NDhlLWJmMDMtNTRlODkyYTNmYTAzP1AxPTE2Mzg5ODQyMTQmYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9TFBjcHFpTk9Ed2loWXJ5d0tjdVZvdFQ4UHFwbHFHeGpTb3N5YUc0Y25PNUNzOGZVR3NjNlF4UiUyYjFEJTJiVndZUHdzNFZIMnNnZGNaVTVwMTZMOGI3THpnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBkb3dubG9hZGVkPSIxMTI5MjMwMjQiIHRvdGFsPSIxMTI5MjMwMjQiIGRvd25sb2FkX3RpbWVfbXM9IjE2MTQwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHNvdXJjZV91cmxfaW5kZXg9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5NjYwOCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9IjUyOCIgZG93bmxvYWRfdGltZV9tcz0iMjE5NTQiIGRvd25sb2FkZWQ9IjExMjkyMzAyNCIgdG90YWw9IjExMjkyMzAyNCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iMTE4ODY4Ii8-PHBpbmcgYWN0aXZlPSIwIiByZD0iNTQ0OCIgcGluZ19mcmVzaG5lc3M9InsxRkEyMEY0Qy1DMjJDLTQ1MDAtQTg5Qi05QzI0RkVBQTlFOUZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjkyLjAuOTAyLjYyIiBuZXh0dmVyc2lvbj0iOTYuMC4xMDU0LjM0IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGNvaG9ydD0icnJmQDAuNDIiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMjcxNzQ1OTE1MDg5NTYyIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjEyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxNCIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NjA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iNTI3IiBkb3dubG9hZGVkPSIxMTI5MjMwMjQiIHRvdGFsPSIxMTI5MjMwMjQiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIyIiBpbnN0YWxsX3RpbWVfbXM9IjcyMDciLz48cGluZyBhY3RpdmU9IjAiIHJkPSI1NDQ4IiBwaW5nX2ZyZXNobmVzcz0iezQ1RDQwRDI3LUI3MDgtNDVBOS05REY0LTUzOUVCMkExRkM4N30iLz48L2FwcD48L3JlcXVlc3Q-2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Adds Run key to start application
- Checks whether UAC is enabled
- Enumerates system info in registry
- Modifies Control Panel
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- System policy modification
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=96.0.4664.55 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=96.0.1054.34 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcd063a740,0x7ffcd063a750,0x7ffcd063a7602⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2364 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --instant-process --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3476 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4848 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=2768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.34\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6176 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5880 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6340 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6532 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAIAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=6548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6584 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --disable-client-side-phishing-detection --display-capture-permissions-policy-allowed --field-trial-handle=1928,14783461504516815942,3561284234832663060,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k AppReadiness -p -s AppReadiness1⤵
-
C:\Windows\system32\werfault.exewerfault.exe /hc /shared Global\b62821c27179496fa0b0ee14c7d899a3 /t 0 /p 81⤵
- Suspicious use of NtCreateThreadExHideFromDebugger
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: MapViewOfSection
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -p -s BITS1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\ImmersiveControlPanel\SystemSettings.exe"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s W32Time1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa397b855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\bootim.exebootim.exe /startpage:11⤵
- Drops file in System32 directory
- Drops file in Windows directory
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Discord\SquirrelSetup.logMD5
7e02f90be9995dd2fe4e69d77b36fa6c
SHA1c1dbaa73003797fde3193a315e7c8c2c1cc5d679
SHA256351440073df134464bef1ddc7c1e5277540d08e016d97626c380ef757d7ef100
SHA512fd1caaa1ea9f977d30ab39c13f4a59464da95fcf8a48e7cbb314cdfb6811a05d361ac56fda55008dbbfb201fae6d22e58e3b5ab84fbb8e2d6585950df3cc14d6
-
C:\Users\Admin\AppData\Local\Discord\Update.exeMD5
e039f56dc6315942bc3e3d9ad4d586e7
SHA15158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50
SHA256e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1
SHA5122b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60
-
C:\Users\Admin\AppData\Local\Discord\Update.exeMD5
e039f56dc6315942bc3e3d9ad4d586e7
SHA15158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50
SHA256e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1
SHA5122b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\D3DCompiler_47.dllMD5
cd8a3be4d5871171fd0b107132d97be8
SHA1415258c10477a49d0c046a12123ff7abe957612e
SHA2564a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA5124acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\Discord.exeMD5
1c13935aeff94d2473978482644cc599
SHA1cbc38180cd5c659b0e48d95676b730b70f3de77f
SHA256688709b3754c5446702062dff138369df87b5c21c865d40430628890b95f66db
SHA51217b6b5e0dae4e3f1c50d0830fb17d1d8cc95715a79e0c73c8ba6a7be72d72c59800bf6dc0c273319c1e16aa9cc97384b634ce718b48d9193c9cf8108cdb5e144
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\app.icoMD5
084f9bc0136f779f82bea88b5c38a358
SHA164f210b7888e5474c3aabcb602d895d58929b451
SHA256dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA51265bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\chrome_100_percent.pakMD5
da26775fd7a54d4e8755fd667b5f70db
SHA16ff37c107fed247d3717c855287d5de3142a9531
SHA25643b28df6f3428378a0a630492a3405e613bc816cd2a390c56e44cd6b49dbe5b4
SHA512b16ccad1fc8c7dfc08d0d8877c05d41c494b1546836399e06bd04354b3e387c155d9d74812cf01e20dde946fdb2e547549599d8907d828ab1cebffa584d8db15
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\chrome_200_percent.pakMD5
d4bd33dcff9d6361b6c985d958953373
SHA138f866b35cd642d4acb4f7efadc6d9f899b55d30
SHA256abb69e43745fbd63be2933204ed98c387ae703487283509c65415867e3c867ab
SHA51278a687ffac48b7d422bb33f43bbb8b7511879b287f20484c6fd591343428cff1d2cc07521b982eb4cba5a22324ee7f4dab031fdeff05462ca43b81a528c878f7
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\d3dcompiler_47.dllMD5
cd8a3be4d5871171fd0b107132d97be8
SHA1415258c10477a49d0c046a12123ff7abe957612e
SHA2564a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA5124acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\d3dcompiler_47.dllMD5
cd8a3be4d5871171fd0b107132d97be8
SHA1415258c10477a49d0c046a12123ff7abe957612e
SHA2564a62063a3c7efcf0faa3800a93fcd26728ef753d3b83bc919c12cebfb582f0f0
SHA5124acb09bf0c4c8e704fa6e2a20d98c5ff17ef77fc30b8c86b975f5aff8d6448c6e521588106b7810a2c0ab4c5af63519821da590830b37cf2faec380c8ae9e2af
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\ffmpeg.dllMD5
407ba824c9b7d2b78fcae3ec432edc95
SHA13de02857254717947d8eef639eab977ee3f68106
SHA25670b31e0f5e3b088fff6346f990ec43e358984ddd2546e803a4d16f9febf49b37
SHA512bda82d039054d66d59087cd36670a8c98537be4b198518722ee69ee8c4ec2d621aa63549f4965dc2abd215f5ee3947d6b7df024c52d4fae972d3d8342731ff19
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\icudtl.datMD5
80a7528515595d8b0bf99a477a7eff0d
SHA1fde9a195fc5a6a23ec82b8594f958cfcf3159437
SHA2566e0b6b0d9e14c905f2278dbf25b7bb58cc0622b7680e3b6ff617a1d42348736b
SHA512c8df47a00f7b2472d272a26b3600b7e82be7ca22526d6453901ff06370b3abb66328655868db9d4e0a11dcba02e3788cc4883261fd9a7d3e521577dde1b88459
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\installer.dbMD5
07cdc0b21b7cdf66368b835ab883a294
SHA123c0b1a607c183e99ecb98978ab75ebeddb8e4b5
SHA256574316b78ddacc5b38123b3a9bee9bd9cdfde2854e1e8850f633eefb44528463
SHA51288d3d98de0ec3a95eb54b8e7d71239cdba9d15b9115b896c42dbfbedb887dc0e2b19f947162f914213f3696585ef6ef00879fcccb62718207a09ca13665ac08f
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\locales\en-US.pakMD5
af5c77e1d94dc4f772cb641bd310bc87
SHA10ceeb456e2601e22d873250bcc713bab573f2247
SHA256781ef5aa8dce072a3e7732f39a7e991c497c70bfaec2264369d0d790ab7660a4
SHA5128c3217b7d9b529d00785c7a1b2417a3297c234dec8383709c89c7ff9296f8ed4e9e6184e4304838edc5b4da9c9c3fe329b792c462e48b7175250ea3ea3acc70c
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources.pakMD5
272ebe38583668306068b8279ad20419
SHA1e098918867c2aa0020bc7bf70466c2a1ac69b650
SHA256987d662cf3c669c89c2e88216478cf317ab0ea99c1074ad711ba7d94f87439c6
SHA512acc901974fa6b253ec5da72e46fe316194c64e0a5f20fdda3321b88af7de1b4fe07d3322306d1bf06422f247c7175db8752b7a6330a959f3a1198063dd0aca87
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\app.asarMD5
a6ef068d647227ef5ed00cedd647ac65
SHA1a49f14b97341e10419ff8fde777a55bb4fc6701e
SHA25624f9c1efd70c682715b61a6876911dbac70c1def99933ed8854285481fac7605
SHA51236f222b8a5417482ff74e216591ff95b4838d34ca2607e0d7006c2d29390f05cb4d961b344ed36b910d6cc7dce2b810a5d83c69c9c7dccb8be9af0c2b4172c61
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\resources\build_info.jsonMD5
e2bc5394ef2535b89f0a843bde4f386a
SHA133957d4aad2ae5fa3df8939c8aaeab791d86022b
SHA2563455a01355c9ed76dcc6ba193943147b508c1463520c0ef71992d78c9d447ae7
SHA5121ccb4bb5103fa551638e7f51ddf5a38818d09f8673575897544bf0ab6ebc80d8e65628caf187edbad8afbd83ab053084c2db051ecb072464596c91e2ad85a95b
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libEGL.dllMD5
e2f0b2265c6cc828424c9f681c308b83
SHA1ab0b2cc60ab5d1f04e13903eccdddde636aa04b6
SHA25661f517bb5ac698a92beea73d2962b3252f11b63468053973a3d0817e162bd803
SHA5126acbbb4f52633a225074e54e2bbfec4d631d86b849f2f098d4ae48ae4f6b705c874a72dea6211080a2fb60c5d02ef4f56ad85395966256b3768ed75ca0df0081
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libEGL.dllMD5
e2f0b2265c6cc828424c9f681c308b83
SHA1ab0b2cc60ab5d1f04e13903eccdddde636aa04b6
SHA25661f517bb5ac698a92beea73d2962b3252f11b63468053973a3d0817e162bd803
SHA5126acbbb4f52633a225074e54e2bbfec4d631d86b849f2f098d4ae48ae4f6b705c874a72dea6211080a2fb60c5d02ef4f56ad85395966256b3768ed75ca0df0081
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libGLESv2.dllMD5
ade2fe4065e8f0ebc6898f2835b0d96c
SHA1e1b624cfd76267bc39b2afa2869cbb87b742c2d2
SHA256251069a067131fdd4cc6f4237c93c3de087882fabea0dbcda49df28c6ad4b3a7
SHA512d5462f84b9fa493cc73b18b32921b26077c1eded9758852571db1f311b2a504c4cd4d44c14c2f10108030908cbee59907093ae967031a5435912103280240d58
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libGLESv2.dllMD5
ade2fe4065e8f0ebc6898f2835b0d96c
SHA1e1b624cfd76267bc39b2afa2869cbb87b742c2d2
SHA256251069a067131fdd4cc6f4237c93c3de087882fabea0dbcda49df28c6ad4b3a7
SHA512d5462f84b9fa493cc73b18b32921b26077c1eded9758852571db1f311b2a504c4cd4d44c14c2f10108030908cbee59907093ae967031a5435912103280240d58
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libegl.dllMD5
e2f0b2265c6cc828424c9f681c308b83
SHA1ab0b2cc60ab5d1f04e13903eccdddde636aa04b6
SHA25661f517bb5ac698a92beea73d2962b3252f11b63468053973a3d0817e162bd803
SHA5126acbbb4f52633a225074e54e2bbfec4d631d86b849f2f098d4ae48ae4f6b705c874a72dea6211080a2fb60c5d02ef4f56ad85395966256b3768ed75ca0df0081
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\swiftshader\libglesv2.dllMD5
ade2fe4065e8f0ebc6898f2835b0d96c
SHA1e1b624cfd76267bc39b2afa2869cbb87b742c2d2
SHA256251069a067131fdd4cc6f4237c93c3de087882fabea0dbcda49df28c6ad4b3a7
SHA512d5462f84b9fa493cc73b18b32921b26077c1eded9758852571db1f311b2a504c4cd4d44c14c2f10108030908cbee59907093ae967031a5435912103280240d58
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\updater.nodeMD5
840328c4430f4594df456f3d635265b8
SHA1d8033a713be2f9df79e4ff01116c2220aa807cc6
SHA256db9427191fd986ea05c9a11cf0afb6033deb1a034493f30861754406fe3c5038
SHA512026b05c06eb0c33a70ef498282375b9de1fded1735811df9d21848836b6d68f33cb4c06a7e981e0300cc25971483b114be697cb2f0387bad69f1f5e108b3eb6e
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\updater.nodeMD5
840328c4430f4594df456f3d635265b8
SHA1d8033a713be2f9df79e4ff01116c2220aa807cc6
SHA256db9427191fd986ea05c9a11cf0afb6033deb1a034493f30861754406fe3c5038
SHA512026b05c06eb0c33a70ef498282375b9de1fded1735811df9d21848836b6d68f33cb4c06a7e981e0300cc25971483b114be697cb2f0387bad69f1f5e108b3eb6e
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9003\v8_context_snapshot.binMD5
55996dd167b35c9c8348478ab602d4ba
SHA13a1f119ef7f65c7525f556599e1011c4a24c3cdb
SHA25659a39e3608b76475950ccd44e8b6fa554e315b8844b650b66ca2f454b939a1ac
SHA51205233744549f6a9a67ddccc6b522f11c7ffbe7ef98cf9de1818709b506b0f186f5c53178c9db47c44b2b9b22ba5e91396e1780d37d492c3fdac7d7ede495be34
-
C:\Users\Admin\AppData\Local\Discord\app.icoMD5
084f9bc0136f779f82bea88b5c38a358
SHA164f210b7888e5474c3aabcb602d895d58929b451
SHA256dfcea1bea8a924252d507d0316d8cf38efc61cf1314e47dca3eb723f47d5fe43
SHA51265bccb3e1d4849b61c68716831578300b20dcaf1cbc155512edbc6d73dccbaf6e5495d4f95d089ee496f8e080057b7097a628cc104fa8eaad8da866891d9e3eb
-
C:\Users\Admin\AppData\Local\Discord\packages\Discord-1.0.9003-full.nupkgMD5
24e50576eff5f4e60fe8c8ebab1796c8
SHA13a92638a0471f7dc9c12298d3b3fc71c84b6f4d9
SHA256b5eb40bfdc4fcbac224e5acad0e46f188a71061edf36ea65e4e7e3817a3d8724
SHA5122bb6dd433d2b093b7f751d0ffb3c0f6ed3f0d38bb5ede62987d300aa9f458f85124ca6677054fce93a616d646b03ca98413ad0e60e883fb447d5c07ce0e9862e
-
C:\Users\Admin\AppData\Local\Discord\packages\RELEASESMD5
867e283b0f115cf51f1e3f917820a060
SHA1bef3948d11f745dbbff3881636178a95cda9c65a
SHA256fb83cde18197b12c25b69334903ec4b9ba5a2b64ad5a74f33fb6abe61bd7c58b
SHA51275a0a64ce15f26b7d2ca61a00c885f3c54168525b6c5be4f4a4369a367f8d93f61aebc7d14f64aa65edd26b73b424e7c6f483ed85e4cbc7f5fe588a07aca71b9
-
C:\Users\Admin\AppData\Local\Discord\update.exeMD5
e039f56dc6315942bc3e3d9ad4d586e7
SHA15158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50
SHA256e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1
SHA5122b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Update.exe.logMD5
f0874317040f2d2734e7b24383f2df86
SHA1b8ea1bc430a990b2cb714eff8030de2b0959cbff
SHA256057825b2b8bde623e9dcffd1e405085a866ada2bd00dfafa6483c8deb1a59358
SHA512032490c5560a6e51be8bf0a0cdbb350b4338e7e3086378907c234e111da1ebac2114d33e04d628a9760f50579a175151a97874c2bae8e056ddc01f3acc2fe937
-
C:\Users\Admin\AppData\Local\SquirrelTemp\Discord-1.0.9003-full.nupkgMD5
24e50576eff5f4e60fe8c8ebab1796c8
SHA13a92638a0471f7dc9c12298d3b3fc71c84b6f4d9
SHA256b5eb40bfdc4fcbac224e5acad0e46f188a71061edf36ea65e4e7e3817a3d8724
SHA5122bb6dd433d2b093b7f751d0ffb3c0f6ed3f0d38bb5ede62987d300aa9f458f85124ca6677054fce93a616d646b03ca98413ad0e60e883fb447d5c07ce0e9862e
-
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASESMD5
867e283b0f115cf51f1e3f917820a060
SHA1bef3948d11f745dbbff3881636178a95cda9c65a
SHA256fb83cde18197b12c25b69334903ec4b9ba5a2b64ad5a74f33fb6abe61bd7c58b
SHA51275a0a64ce15f26b7d2ca61a00c885f3c54168525b6c5be4f4a4369a367f8d93f61aebc7d14f64aa65edd26b73b424e7c6f483ed85e4cbc7f5fe588a07aca71b9
-
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exeMD5
e039f56dc6315942bc3e3d9ad4d586e7
SHA15158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50
SHA256e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1
SHA5122b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60
-
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exeMD5
e039f56dc6315942bc3e3d9ad4d586e7
SHA15158b6bf1f2b278e9524d48fab8d9bfdcdf0ed50
SHA256e510ae1a59dd629d0c03425bcc4457e68926fe7b204154d9eebce9d2985925a1
SHA5122b20a423f7d54c1c3009a30f47ee7774e0b6170c03c3fbb63804551e43751d31bfa16762fb63dae0349a7e93e8009c98e9cec56bf6acc6151e283f7774619a60
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnkMD5
6b1e9b393153b9bb5bb4b25a570b7f83
SHA1ecf01e9056fa801d3327acf7baa06aaf82c5d717
SHA2569d202b32666e0a92ecb01adbe4fe196b69162380970b826204f5fdaa3b5f2b72
SHA512c995085575e6d69cbee22438e06c7704c9e0f7c17b9cad21e0a331b35e69c675b7e3dea4ac548f0f506c9bb2cf98bd97177f424b10d8677156c7774133d02434
-
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.datMD5
5d1e153cd634edd713cda70d0cafb770
SHA1b5200a6f67296e350a1a753506e88abe038cc1ea
SHA2568a9a48910fce95aa00586d83a6a8899dd0218aa602e0eb1860420a442a373303
SHA512d75d771e2ff5aede82c37b161be4fd4eebec8923ec5b26a908aae1f7d7f58b0ab7d00ae95af18d5e68fe7c3e14bff7a5909b43befc1218d1cbde8ad034cc7b0b
-
C:\Users\Admin\AppData\Roaming\discord\Crashpad\settings.datMD5
5d1e153cd634edd713cda70d0cafb770
SHA1b5200a6f67296e350a1a753506e88abe038cc1ea
SHA2568a9a48910fce95aa00586d83a6a8899dd0218aa602e0eb1860420a442a373303
SHA512d75d771e2ff5aede82c37b161be4fd4eebec8923ec5b26a908aae1f7d7f58b0ab7d00ae95af18d5e68fe7c3e14bff7a5909b43befc1218d1cbde8ad034cc7b0b
-
C:\Users\Admin\Desktop\Discord.lnkMD5
88a5e8097f3e685535fb4b5127987624
SHA106330fbdd90326ce4f123f20383c7d2814f85735
SHA25612e95a1e86411d23446f208992dc11df1b848183457095918e6ab15e718fb0ad
SHA51214abc3e5056674ec0e5c77571d93909d2950a9458b789d4512a505c401ee71bd1042e86a9f4b4dd4ff67917ce7a6e7e05b9fbc7289f36fb35e52cafe6cd1b09b
-
\??\pipe\crashpad_3440_YQVIJYIKYQUMOTNXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4444_NMSWBGTCMGJCJHILMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/248-395-0x0000000000000000-mapping.dmp
-
memory/480-223-0x0000000000000000-mapping.dmp
-
memory/668-438-0x0000000000000000-mapping.dmp
-
memory/856-172-0x0000000008D90000-0x0000000008D91000-memory.dmpFilesize
4KB
-
memory/856-154-0x0000000005680000-0x0000000005681000-memory.dmpFilesize
4KB
-
memory/856-161-0x0000000006B70000-0x0000000006B71000-memory.dmpFilesize
4KB
-
memory/856-166-0x0000000008CC0000-0x0000000008CC1000-memory.dmpFilesize
4KB
-
memory/856-165-0x00000000055D1000-0x00000000055D2000-memory.dmpFilesize
4KB
-
memory/856-151-0x0000000005BF0000-0x0000000005BF1000-memory.dmpFilesize
4KB
-
memory/856-146-0x0000000000000000-mapping.dmp
-
memory/856-149-0x00000000009B0000-0x00000000009B1000-memory.dmpFilesize
4KB
-
memory/856-162-0x0000000006E70000-0x0000000006E71000-memory.dmpFilesize
4KB
-
memory/856-152-0x0000000006200000-0x0000000006582000-memory.dmpFilesize
3.5MB
-
memory/856-153-0x00000000055D0000-0x00000000055D1000-memory.dmpFilesize
4KB
-
memory/856-164-0x0000000008A70000-0x0000000008A71000-memory.dmpFilesize
4KB
-
memory/856-163-0x0000000006C60000-0x0000000006C61000-memory.dmpFilesize
4KB
-
memory/936-287-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/936-289-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/936-293-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-296-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-297-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/936-294-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/936-284-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-286-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-290-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/936-291-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-285-0x0000023B58EC0000-0x0000023B58EC2000-memory.dmpFilesize
8KB
-
memory/936-288-0x0000023B5C5B0000-0x0000023B5C5B1000-memory.dmpFilesize
4KB
-
memory/1092-242-0x00000000052D0000-0x00000000052D1000-memory.dmpFilesize
4KB
-
memory/1308-349-0x0000000000000000-mapping.dmp
-
memory/1364-179-0x0000000000000000-mapping.dmp
-
memory/1364-182-0x000000000C110000-0x000000000C111000-memory.dmpFilesize
4KB
-
memory/1364-181-0x000000000C110000-0x000000000C111000-memory.dmpFilesize
4KB
-
memory/1484-474-0x0000000000000000-mapping.dmp
-
memory/1512-375-0x0000000000000000-mapping.dmp
-
memory/1544-160-0x0000000000000000-mapping.dmp
-
memory/1608-272-0x000000000C030000-0x000000000C031000-memory.dmpFilesize
4KB
-
memory/1608-273-0x000000000C030000-0x000000000C031000-memory.dmpFilesize
4KB
-
memory/1608-268-0x0000000000000000-mapping.dmp
-
memory/1776-264-0x0000000000770000-0x0000000000771000-memory.dmpFilesize
4KB
-
memory/1776-262-0x0000000000000000-mapping.dmp
-
memory/1776-269-0x0000000000770000-0x0000000000771000-memory.dmpFilesize
4KB
-
memory/1828-420-0x0000000000000000-mapping.dmp
-
memory/1840-155-0x000001F3E9420000-0x000001F3E9430000-memory.dmpFilesize
64KB
-
memory/1840-157-0x000001F3EBBD0000-0x000001F3EBBD4000-memory.dmpFilesize
16KB
-
memory/1840-156-0x000001F3E94A0000-0x000001F3E94B0000-memory.dmpFilesize
64KB
-
memory/1884-354-0x0000000000000000-mapping.dmp
-
memory/2196-396-0x0000000000000000-mapping.dmp
-
memory/2196-278-0x0000000000000000-mapping.dmp
-
memory/2200-388-0x0000000000000000-mapping.dmp
-
memory/2260-224-0x0000000000000000-mapping.dmp
-
memory/2296-226-0x0000000000000000-mapping.dmp
-
memory/2464-383-0x0000000000000000-mapping.dmp
-
memory/2596-227-0x0000000000000000-mapping.dmp
-
memory/2912-472-0x0000000000000000-mapping.dmp
-
memory/2928-401-0x0000000000000000-mapping.dmp
-
memory/3016-376-0x0000000000000000-mapping.dmp
-
memory/3168-259-0x000000000C130000-0x000000000C131000-memory.dmpFilesize
4KB
-
memory/3168-257-0x000000000C130000-0x000000000C131000-memory.dmpFilesize
4KB
-
memory/3168-254-0x0000000000000000-mapping.dmp
-
memory/3272-196-0x000000000BF54000-0x000000000BF55000-memory.dmpFilesize
4KB
-
memory/3272-202-0x000000000C070000-0x000000000C071000-memory.dmpFilesize
4KB
-
memory/3272-205-0x000000000C070000-0x000000000C071000-memory.dmpFilesize
4KB
-
memory/3272-198-0x0000000000000000-mapping.dmp
-
memory/3272-200-0x000000000BE20000-0x000000000BE21000-memory.dmpFilesize
4KB
-
memory/3436-217-0x0000000000000000-mapping.dmp
-
memory/3436-219-0x000000000C110000-0x000000000C111000-memory.dmpFilesize
4KB
-
memory/3436-220-0x000000000C110000-0x000000000C111000-memory.dmpFilesize
4KB
-
memory/3440-167-0x0000000000000000-mapping.dmp
-
memory/3440-170-0x000000000C030000-0x000000000C031000-memory.dmpFilesize
4KB
-
memory/3440-169-0x000000000C030000-0x000000000C031000-memory.dmpFilesize
4KB
-
memory/3488-225-0x0000000000000000-mapping.dmp
-
memory/3724-276-0x0000000000000000-mapping.dmp
-
memory/3984-374-0x0000000000000000-mapping.dmp
-
memory/3984-358-0x0000000000000000-mapping.dmp
-
memory/3996-447-0x0000000000000000-mapping.dmp
-
memory/4056-243-0x0000000000000000-mapping.dmp
-
memory/4056-245-0x00000000006E0000-0x00000000006E1000-memory.dmpFilesize
4KB
-
memory/4056-246-0x00000000006E0000-0x00000000006E1000-memory.dmpFilesize
4KB
-
memory/4120-208-0x0000000004F10000-0x0000000004F11000-memory.dmpFilesize
4KB
-
memory/4120-186-0x0000000000000000-mapping.dmp
-
memory/4120-213-0x0000000004C70000-0x0000000004C71000-memory.dmpFilesize
4KB
-
memory/4120-207-0x0000000004EC0000-0x0000000004EC1000-memory.dmpFilesize
4KB
-
memory/4444-240-0x0000000000780000-0x0000000000781000-memory.dmpFilesize
4KB
-
memory/4444-239-0x0000000000780000-0x0000000000781000-memory.dmpFilesize
4KB
-
memory/4444-237-0x0000000000000000-mapping.dmp
-
memory/4616-277-0x0000000000000000-mapping.dmp
-
memory/4636-380-0x0000000000000000-mapping.dmp
-
memory/4640-434-0x0000000000000000-mapping.dmp
-
memory/4828-428-0x0000000000000000-mapping.dmp
-
memory/4872-282-0x000000000C0F0000-0x000000000C0F1000-memory.dmpFilesize
4KB
-
memory/4872-281-0x000000000C0F0000-0x000000000C0F1000-memory.dmpFilesize
4KB
-
memory/4872-279-0x0000000000000000-mapping.dmp
-
memory/5020-260-0x0000000000000000-mapping.dmp
-
memory/5064-490-0x0000000000000000-mapping.dmp
-
memory/5064-387-0x0000000000000000-mapping.dmp
-
memory/5152-457-0x0000000000000000-mapping.dmp
-
memory/5216-331-0x0000000000000000-mapping.dmp
-
memory/5316-414-0x0000000000000000-mapping.dmp
-
memory/5540-406-0x0000000000000000-mapping.dmp
-
memory/5572-334-0x0000000000000000-mapping.dmp
-
memory/5628-292-0x0000000000746000-0x0000000000747000-memory.dmpFilesize
4KB
-
memory/5628-295-0x0000000000000000-mapping.dmp
-
memory/5644-381-0x0000000000000000-mapping.dmp
-
memory/5668-298-0x0000000000000000-mapping.dmp
-
memory/5668-379-0x0000000000000000-mapping.dmp
-
memory/5712-382-0x0000000000000000-mapping.dmp
-
memory/5780-391-0x0000000000000000-mapping.dmp
-
memory/5820-483-0x0000000000000000-mapping.dmp
-
memory/5908-338-0x0000000000000000-mapping.dmp
-
memory/5936-340-0x0000000000000000-mapping.dmp
-
memory/5936-386-0x0000000000000000-mapping.dmp
-
memory/5936-464-0x0000000000000000-mapping.dmp
-
memory/5952-385-0x0000000000000000-mapping.dmp
-
memory/5984-441-0x0000000000000000-mapping.dmp
-
memory/5992-365-0x0000000000000000-mapping.dmp
-
memory/6020-384-0x0000000000000000-mapping.dmp
-
memory/6056-330-0x0000000000000000-mapping.dmp