Analysis
-
max time kernel
1527357s -
max time network
1528336s -
platform
windows7_x64 -
resource
win7-20220310-en -
submitted
25-03-2022 21:28
General
-
Target
2_AutoClicker.exe
-
Size
243KB
-
MD5
edbff0a5ec26bf14a10dc04670c2aa95
-
SHA1
3de37335be986d68ba4cdd0fc6ab1b78ca45e2b6
-
SHA256
43bab7ce6548eb084a181523a876f50dd378d3dcbb18327b75b5dd2c4fe8597b
-
SHA512
8f3982aede528ab99710efbbe0ccfe6406a8eb3d1cc12ae295755032a0db193a03ca73e4b72ad3b024ae0b85430483c62c7d6e9c4355978b2113c54243cf7bd3
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Temp\1584_2040854243\english_wikipedia.txt
Family
prometheus
Ransom Note
the
of
and
in
was
is
for
as
on
with
by
he
at
from
his
an
were
are
which
doc
https
also
or
has
had
first
one
their
its
after
new
who
they
two
her
she
been
other
when
time
during
there
into
school
more
may
years
over
only
year
most
would
world
city
some
where
between
later
three
state
such
then
national
used
made
known
under
many
university
united
while
part
season
team
these
american
than
film
second
born
south
became
states
war
through
being
including
both
before
north
high
however
people
family
early
history
album
area
them
series
against
until
since
district
county
name
work
life
group
music
following
number
company
several
four
called
played
released
career
league
game
government
house
each
based
day
same
won
use
station
club
international
town
located
population
general
college
east
found
age
march
end
september
began
home
public
church
line
june
river
member
system
place
century
band
july
york
january
october
song
august
best
former
british
party
named
held
village
show
local
november
took
service
december
built
another
major
within
along
members
five
single
due
although
small
old
left
final
large
include
building
served
president
received
games
death
february
main
third
set
children
own
order
species
park
law
air
published
road
died
book
men
women
army
often
according
education
central
country
division
english
top
included
development
french
community
among
water
play
side
list
times
near
late
form
original
different
center
power
led
students
german
moved
court
six
land
council
island
u.s.
record
million
research
art
established
award
street
military
television
given
region
support
western
production
non
political
point
cup
period
business
title
started
various
election
using
england
role
produced
become
program
works
field
total
office
class
written
association
radio
union
level
championship
director
few
force
created
department
founded
services
married
though
per
n't
site
open
act
short
society
version
royal
present
northern
worked
professional
full
returned
joined
story
france
european
currently
language
social
california
india
days
design
st.
further
round
australia
wrote
san
project
control
southern
railway
board
popular
continued
free
battle
considered
video
common
position
living
half
playing
recorded
red
post
described
average
records
special
modern
appeared
announced
areas
rock
release
elected
others
example
term
opened
similar
formed
route
census
current
schools
originally
lake
developed
race
himself
forces
addition
information
upon
province
match
event
songs
result
events
win
eastern
track
lead
teams
science
human
construction
minister
germany
awards
available
throughout
training
style
body
museum
australian
health
seven
signed
chief
eventually
appointed
sea
centre
debut
tour
points
media
light
range
character
across
features
families
largest
indian
network
less
performance
players
refer
europe
sold
festival
usually
taken
despite
designed
committee
process
return
official
episode
institute
stage
followed
performed
japanese
personal
thus
arts
space
low
months
includes
china
study
middle
magazine
leading
japan
groups
aircraft
featured
federal
civil
rights
model
coach
canadian
books
remained
eight
type
independent
completed
capital
academy
instead
kingdom
organization
countries
studies
competition
sports
size
above
section
finished
gold
involved
reported
management
systems
industry
directed
market
fourth
movement
technology
bank
ground
campaign
base
lower
sent
rather
added
provided
coast
grand
historic
valley
conference
bridge
winning
approximately
films
chinese
awarded
degree
russian
shows
native
female
replaced
municipality
square
studio
medical
data
african
successful
mid
bay
attack
previous
operations
spanish
theatre
student
republic
beginning
provide
ship
primary
owned
writing
tournament
culture
introduced
texas
related
natural
parts
governor
reached
ireland
units
senior
decided
italian
whose
higher
africa
standard
income
professor
placed
regional
los
buildings
championships
active
novel
energy
generally
interest
via
economic
previously
stated
itself
channel
below
operation
leader
traditional
trade
structure
limited
runs
prior
regular
famous
saint
navy
foreign
listed
artist
catholic
airport
results
parliament
collection
unit
officer
goal
attended
command
staff
commission
lived
location
plays
commercial
places
foundation
significant
older
medal
self
scored
companies
highway
activities
programs
wide
musical
notable
library
numerous
paris
towards
individual
allowed
plant
property
annual
contract
whom
highest
initially
required
earlier
assembly
artists
rural
seat
practice
defeated
ended
soviet
length
spent
manager
press
associated
author
issues
additional
characters
lord
zealand
policy
engine
township
noted
historical
complete
financial
religious
mission
contains
nine
recent
represented
pennsylvania
administration
opening
secretary
lines
report
executive
youth
closed
theory
writer
italy
angeles
appearance
feature
queen
launched
legal
terms
entered
issue
edition
singer
greek
majority
background
source
anti
cultural
complex
changes
recording
stadium
islands
operated
particularly
basketball
month
uses
port
castle
mostly
names
fort
selected
increased
status
earth
subsequently
pacific
cover
variety
certain
goals
remains
upper
congress
becoming
studied
irish
nature
particular
loss
caused
chart
dr.
forced
create
era
retired
material
review
rate
singles
referred
larger
individuals
shown
provides
products
speed
democratic
poland
parish
olympics
cities
themselves
temple
wing
genus
households
serving
cost
wales
stations
passed
supported
view
cases
forms
actor
male
matches
males
stars
tracks
females
administrative
median
effect
biography
train
engineering
camp
offered
chairman
houses
mainly
19th
surface
therefore
nearly
score
ancient
subject
prime
seasons
claimed
experience
specific
jewish
failed
overall
believed
plot
troops
greater
spain
consists
broadcast
heavy
increase
raised
separate
campus
1980s
appears
presented
lies
composed
recently
influence
fifth
nations
creek
references
elections
britain
double
cast
meaning
earned
carried
producer
latter
housing
brothers
attempt
article
response
border
remaining
nearby
direct
ships
value
workers
politician
academic
label
1970s
commander
rule
fellow
residents
authority
editor
transport
dutch
projects
responsible
covered
territory
flight
races
defense
tower
emperor
albums
facilities
daily
stories
assistant
managed
primarily
quality
function
proposed
distribution
conditions
prize
journal
code
vice
newspaper
corps
highly
constructed
mayor
critical
secondary
corporation
rugby
regiment
ohio
appearances
serve
allow
nation
multiple
discovered
directly
scene
levels
growth
elements
acquired
1990s
officers
physical
20th
latin
host
jersey
graduated
arrived
issued
literature
metal
estate
vote
immediately
quickly
asian
competed
extended
produce
urban
1960s
promoted
contemporary
global
formerly
appear
industrial
types
opera
ministry
soldiers
commonly
mass
formation
smaller
typically
drama
shortly
density
senate
effects
iran
polish
prominent
naval
settlement
divided
basis
republican
languages
distance
treatment
continue
product
mile
sources
footballer
format
clubs
leadership
initial
offers
operating
avenue
officially
columbia
grade
squadron
fleet
percent
farm
leaders
agreement
likely
equipment
website
mount
grew
method
transferred
intended
renamed
iron
asia
reserve
capacity
politics
widely
activity
advanced
relations
scottish
dedicated
crew
founder
episodes
lack
amount
build
efforts
concept
follows
ordered
leaves
positive
economy
entertainment
affairs
memorial
ability
illinois
communities
color
text
railroad
scientific
focus
comedy
serves
exchange
environment
cars
direction
organized
firm
description
agency
analysis
purpose
destroyed
reception
planned
revealed
infantry
architecture
growing
featuring
household
candidate
removed
situated
models
knowledge
solo
technical
organizations
assigned
conducted
participated
largely
purchased
register
gained
combined
headquarters
adopted
potential
protection
scale
approach
spread
independence
mountains
titled
geography
applied
safety
mixed
accepted
continues
captured
rail
defeat
principal
recognized
lieutenant
mentioned
semi
owner
joint
liberal
actress
traffic
creation
basic
notes
unique
supreme
declared
simply
plants
sales
massachusetts
designated
parties
jazz
compared
becomes
resources
titles
concert
learning
remain
teaching
versions
content
alongside
revolution
sons
block
premier
impact
champions
districts
generation
estimated
volume
image
sites
account
roles
sport
quarter
providing
zone
yard
scoring
classes
presence
performances
representatives
hosted
split
taught
origin
olympic
claims
critics
facility
occurred
suffered
municipal
damage
defined
resulted
respectively
expanded
platform
draft
opposition
expected
educational
ontario
climate
reports
atlantic
surrounding
performing
reduced
ranked
allows
birth
nominated
younger
newly
kong
positions
theater
philadelphia
heritage
finals
disease
sixth
laws
reviews
constitution
tradition
swedish
theme
fiction
rome
medicine
trains
resulting
existing
deputy
environmental
labour
classical
develop
fans
granted
receive
alternative
begins
nuclear
fame
buried
connected
identified
palace
falls
letters
combat
sciences
effort
villages
inspired
regions
towns
conservative
chosen
animals
labor
attacks
materials
yards
steel
representative
orchestra
peak
entitled
officials
returning
reference
northwest
imperial
convention
examples
ocean
publication
painting
subsequent
frequently
religion
brigade
fully
sides
acts
cemetery
relatively
oldest
suggested
succeeded
achieved
application
programme
cells
votes
promotion
graduate
armed
supply
flying
communist
figures
literary
netherlands
korea
worldwide
citizens
1950s
faculty
draw
stock
seats
occupied
methods
unknown
articles
claim
holds
authorities
audience
sweden
interview
obtained
covers
settled
transfer
marked
allowing
funding
challenge
southeast
unlike
crown
rise
portion
transportation
sector
phase
properties
edge
tropical
standards
institutions
philosophy
legislative
hills
brand
fund
conflict
unable
founding
refused
attempts
metres
permanent
starring
applications
creating
effective
aired
extensive
employed
enemy
expansion
billboard
rank
battalion
multi
vehicle
fought
alliance
category
perform
federation
poetry
bronze
bands
entry
vehicles
bureau
maximum
billion
trees
intelligence
greatest
screen
refers
commissioned
gallery
injury
confirmed
setting
treaty
adult
americans
broadcasting
supporting
pilot
mobile
writers
programming
existence
squad
minnesota
copies
korean
provincial
sets
defence
offices
agricultural
internal
core
northeast
retirement
factory
actions
prevent
communications
ending
weekly
containing
functions
attempted
interior
weight
bowl
recognition
incorporated
increasing
ultimately
documentary
derived
attacked
lyrics
mexican
external
churches
centuries
metropolitan
selling
opposed
personnel
mill
visited
presidential
roads
pieces
norwegian
controlled
18th
rear
influenced
wrestling
weapons
launch
composer
locations
developing
circuit
specifically
studios
shared
canal
wisconsin
publishing
approved
domestic
consisted
determined
comic
establishment
exhibition
southwest
fuel
electronic
cape
converted
educated
melbourne
hits
wins
producing
norway
slightly
occur
surname
identity
represent
constituency
funds
proved
links
structures
athletic
birds
contest
users
poet
institution
display
receiving
rare
contained
guns
motion
piano
temperature
publications
passenger
contributed
toward
cathedral
inhabitants
architect
exist
athletics
muslim
courses
abandoned
signal
successfully
disambiguation
tennessee
dynasty
heavily
maryland
jews
representing
budget
weather
missouri
introduction
faced
pair
chapel
reform
height
vietnam
occurs
motor
cambridge
lands
focused
sought
patients
shape
invasion
chemical
importance
communication
selection
regarding
homes
voivodeship
maintained
borough
failure
aged
passing
agriculture
oregon
teachers
flow
philippines
trail
seventh
portuguese
resistance
reaching
negative
fashion
scheduled
downtown
universities
trained
skills
scenes
views
notably
typical
incident
candidates
engines
decades
composition
commune
chain
inc.
austria
sale
values
employees
chamber
regarded
winners
registered
task
investment
colonial
swiss
user
entirely
flag
stores
closely
entrance
laid
journalist
coal
equal
causes
turkish
quebec
techniques
promote
junction
easily
dates
kentucky
singapore
residence
violence
advance
survey
humans
expressed
passes
streets
distinguished
qualified
folk
establish
egypt
artillery
visual
improved
actual
finishing
medium
protein
switzerland
productions
operate
poverty
neighborhood
organisation
consisting
consecutive
sections
partnership
extension
reaction
factor
costs
bodies
device
ethnic
racial
flat
objects
chapter
improve
musicians
courts
controversy
membership
merged
wars
expedition
interests
arab
comics
gain
describes
mining
bachelor
crisis
joining
decade
1930s
distributed
habitat
routes
arena
cycle
divisions
briefly
vocals
directors
degrees
object
recordings
installed
adjacent
demand
voted
causing
businesses
ruled
grounds
starred
drawn
opposite
stands
formal
operates
persons
counties
compete
wave
israeli
ncaa
resigned
brief
greece
combination
demographics
historian
contain
commonwealth
musician
collected
argued
louisiana
session
cabinet
parliamentary
electoral
loan
profit
regularly
conservation
islamic
purchase
17th
charts
residential
earliest
designs
paintings
survived
moth
items
goods
grey
anniversary
criticism
images
discovery
observed
underground
progress
additionally
participate
thousands
reduce
elementary
owners
stating
iraq
resolution
capture
tank
rooms
hollywood
finance
queensland
reign
maintain
iowa
landing
broad
outstanding
circle
path
manufacturing
assistance
sequence
gmina
crossing
leads
universal
shaped
kings
attached
medieval
ages
metro
colony
affected
scholars
oklahoma
coastal
soundtrack
painted
attend
definition
meanwhile
purposes
trophy
require
marketing
popularity
cable
mathematics
mississippi
represents
scheme
appeal
distinct
factors
acid
subjects
roughly
terminal
economics
senator
diocese
prix
contrast
argentina
czech
wings
relief
stages
duties
16th
novels
accused
whilst
equivalent
charged
measure
documents
couples
request
danish
defensive
guide
devices
statistics
credited
tries
passengers
allied
frame
puerto
peninsula
concluded
instruments
wounded
differences
associate
forests
afterwards
replace
requirements
aviation
solution
offensive
ownership
inner
legislation
hungarian
contributions
actors
translated
denmark
steam
depending
aspects
assumed
injured
severe
admitted
determine
shore
technique
arrival
measures
translation
debuted
delivered
returns
rejected
separated
visitors
damaged
storage
accompanied
markets
industries
losses
gulf
charter
strategy
corporate
socialist
somewhat
significantly
physics
mounted
satellite
experienced
constant
relative
pattern
restored
belgium
connecticut
partners
harvard
retained
networks
protected
mode
artistic
parallel
collaboration
debate
involving
journey
linked
salt
authors
components
context
occupation
requires
occasionally
policies
tamil
ottoman
revolutionary
hungary
poem
versus
gardens
amongst
audio
makeup
frequency
meters
orthodox
continuing
suggests
legislature
coalition
guitarist
eighth
classification
practices
soil
tokyo
instance
limit
coverage
considerable
ranking
colleges
cavalry
centers
daughters
twin
equipped
broadway
narrow
hosts
rates
domain
boundary
arranged
12th
whereas
brazilian
forming
rating
strategic
competitions
trading
covering
baltimore
commissioner
infrastructure
origins
replacement
praised
disc
collections
expression
ukraine
driven
edited
austrian
solar
ensure
premiered
successor
wooden
operational
hispanic
concerns
rapid
prisoners
childhood
meets
influential
tunnel
employment
tribe
qualifying
adapted
temporary
celebrated
appearing
increasingly
depression
adults
cinema
entering
laboratory
script
flows
romania
accounts
fictional
pittsburgh
achieve
monastery
franchise
formally
tools
newspapers
revival
sponsored
processes
vienna
springs
missions
classified
13th
annually
branches
lakes
gender
manner
advertising
normally
maintenance
adding
characteristics
integrated
decline
modified
strongly
critic
victims
malaysia
arkansas
nazi
restoration
powered
monument
hundreds
depth
15th
controversial
admiral
criticized
brick
honorary
initiative
output
visiting
birmingham
progressive
existed
carbon
1920s
credits
colour
rising
hence
defeating
s
URLs
https
http
Signatures
-
Prometheus Ransomware
Ransomware family mostly targeting manufacturing industry and claims to be affiliated with REvil.
-
Downloads MZ/PE file
-
Executes dropped EXE 20 IoCs
-
Loads dropped DLL 57 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 8 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Windows directory 14 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 43 IoCs
-
Modifies registry class 27 IoCs
-
Opens file in notepad (likely ransom note) 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 27 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 3 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2_AutoClicker.exe"C:\Users\Admin\AppData\Local\Temp\2_AutoClicker.exe"1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6d34f50,0x7fef6d34f60,0x7fef6d34f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1132 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1256 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2076 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3052 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3532 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3640 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3992 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4124 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3604 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3672 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3124 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3720 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2412 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4224 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4144 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1476 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1476 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4736 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4668 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3960 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4596 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1576 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4212 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2444 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4028 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4652 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4332 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2268 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4304 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3300 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4104 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2276 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2676 /prefetch:82⤵
-
C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{0966D87D-21FC-4D3F-9024-4288C0943BD7}\.cr\HotspotShield-11.0.1-plain-773-plain.exe"C:\Windows\Temp\{0966D87D-21FC-4D3F-9024-4288C0943BD7}\.cr\HotspotShield-11.0.1-plain-773-plain.exe" -burn.clean.room="C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe" -burn.filehandle.attached=180 -burn.filehandle.self=1883⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{4F4D3080-1BCF-4D40-B09E-170B65B18193}\.be\HSS-11.0.1-install-plain-773-plain.exe"C:\Windows\Temp\{4F4D3080-1BCF-4D40-B09E-170B65B18193}\.be\HSS-11.0.1-install-plain-773-plain.exe" -q -burn.elevated BurnPipe.{F7AA2157-D8BB-44F6-AB94-AC90D407FD05} {9ACCCADD-02DB-4BD3-BC07-71AB16EF852D} 27004⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:12⤵
-
C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{E615D487-E3AD-4D5B-8F27-0E25E289F02D}\.cr\HotspotShield-11.0.1-plain-773-plain.exe"C:\Windows\Temp\{E615D487-E3AD-4D5B-8F27-0E25E289F02D}\.cr\HotspotShield-11.0.1-plain-773-plain.exe" -burn.clean.room="C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe" -burn.filehandle.attached=180 -burn.filehandle.self=1883⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{F4258B87-A210-42C0-AF30-50DCC547D796}\.be\HSS-11.0.1-install-plain-773-plain.exe"C:\Windows\Temp\{F4258B87-A210-42C0-AF30-50DCC547D796}\.be\HSS-11.0.1-install-plain-773-plain.exe" -q -burn.elevated BurnPipe.{3589FC8B-FB8D-4197-A4C3-821D6C3AA37D} {B1BB3325-1CA7-461D-8413-564724187B47} 5244⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=540 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\99.279.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=LU6a5zZu+noO58yHFYicnnntBEVyS0TtcVMBxzHS --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=99.279.200 --initial-client-data=0x160,0x164,0x168,0x134,0x16c,0x13f3025a0,0x13f3025b0,0x13f3025c03⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2324_UQKHJFOAAJREORFM" --sandboxed-process-id=2 --init-done-notifier=492 --sandbox-mojo-pipe-token=3506992109939782783 --mojo-platform-channel-handle=460 --engine=23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe"c:\users\admin\appdata\local\google\chrome\user data\swreporter\99.279.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2324_UQKHJFOAAJREORFM" --sandboxed-process-id=3 --init-done-notifier=644 --sandbox-mojo-pipe-token=7385417880199177433 --mojo-platform-channel-handle=6403⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2168 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4940 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5040 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=620 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5092 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4968 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1012 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3116 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2040 /prefetch:82⤵
-
C:\Users\Admin\Downloads\ndp48-devpack-enu.exe"C:\Users\Admin\Downloads\ndp48-devpack-enu.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{3CEC6CF0-FBE0-4905-A485-D85D141946A3}\.cr\ndp48-devpack-enu.exe"C:\Windows\Temp\{3CEC6CF0-FBE0-4905-A485-D85D141946A3}\.cr\ndp48-devpack-enu.exe" -burn.clean.room="C:\Users\Admin\Downloads\ndp48-devpack-enu.exe" -burn.filehandle.attached=180 -burn.filehandle.self=1883⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in Windows directory
-
C:\Windows\Temp\{97C86A3D-D2CB-488C-BFC9-93CE86EC7690}\.be\NDP48-DevPack-ENU.exe"C:\Windows\Temp\{97C86A3D-D2CB-488C-BFC9-93CE86EC7690}\.be\NDP48-DevPack-ENU.exe" -q -burn.elevated BurnPipe.{9D38FA3D-AC49-4B2A-A7B9-7C035FC80753} {8721D82B-0F9C-4212-8D98-6CF12454729B} 21364⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=992 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1856 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1632 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5168 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3412 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3448 /prefetch:82⤵
-
C:\Users\Admin\Downloads\ndp48-x86-x64-allos-enu.exe"C:\Users\Admin\Downloads\ndp48-x86-x64-allos-enu.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\0677a4ed283bba2ebbc57b43b6ab71\Setup.exeC:\0677a4ed283bba2ebbc57b43b6ab71\\Setup.exe /x86 /x64 /redist3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\0677a4ed283bba2ebbc57b43b6ab71\SetupUtility.exeSetupUtility.exe /aupause4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4160 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:12⤵
-
C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{14145962-AE3D-4E07-9BFB-08EC7B32023C}\.cr\HotspotShield-11.0.1-plain-773-plain.exe"C:\Windows\Temp\{14145962-AE3D-4E07-9BFB-08EC7B32023C}\.cr\HotspotShield-11.0.1-plain-773-plain.exe" -burn.clean.room="C:\Users\Admin\Downloads\HotspotShield-11.0.1-plain-773-plain.exe" -burn.filehandle.attached=180 -burn.filehandle.self=1883⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Windows\Temp\{6264AEB9-7CC7-4289-A3DA-2D19725FC438}\.be\HSS-11.0.1-install-plain-773-plain.exe"C:\Windows\Temp\{6264AEB9-7CC7-4289-A3DA-2D19725FC438}\.be\HSS-11.0.1-install-plain-773-plain.exe" -q -burn.elevated BurnPipe.{E7EE4ED9-8EB0-41D1-9AE4-99CD07873F80} {1C0B83EC-274E-4696-B0FB-56C6C33F4137} 22204⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4020 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3452 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4204 /prefetch:82⤵
-
C:\Users\Admin\Downloads\ProtonVPN_win_v1.26.0.exe"C:\Users\Admin\Downloads\ProtonVPN_win_v1.26.0.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\{D84BF03F-46AB-491B-9185-56732D3C3C2D}\check-KB2992611.bat" "3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic qfe get hotfixid4⤵
-
C:\Windows\SysWOW64\findstr.exeFindStr "KB2992611"4⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\{D84BF03F-46AB-491B-9185-56732D3C3C2D}\check-KB3033929.bat" "3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic qfe get hotfixid4⤵
-
C:\Windows\SysWOW64\findstr.exeFindStr "KB3033929 KB4019264 KB4022719 KB4025341 KB4034664 KB4038777 KB4041681 KB4343900 KB4457144 KB4462923 KB4467107 KB4471318 KB4480970 KB4486563 KB4489878 KB4474419 KB4493472 KB4499164 KB4499175 KB4503292 KB4503269 KB4507449 KB4507456 KB4512506 KB4516065 KB4519976 KB4524157 KB4015549 KB3197868 KB3185330"4⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\{D84BF03F-46AB-491B-9185-56732D3C3C2D}\check-KB3063858.bat" "3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic qfe get hotfixid4⤵
-
C:\Windows\SysWOW64\findstr.exeFindStr "KB3063858 KB2533623 KB4457144 KB3126587 KB3126593 KB3146706 KB4014793"4⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\{D84BF03F-46AB-491B-9185-56732D3C3C2D}\check-KB2921916.bat" "3⤵
-
C:\Windows\SysWOW64\Wbem\WMIC.exewmic qfe get hotfixid4⤵
-
C:\Windows\SysWOW64\findstr.exeFindStr "KB2921916"4⤵
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\EXE4056.bat" "3⤵
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\AIE4CCE.tmp"4⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE4056.bat"4⤵
- Views/modifies file attributes
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE4056.bat" "4⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" cls"4⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=532 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1120,11950793431525503215,10357421546827139221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4152 /prefetch:82⤵
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
-
C:\Windows\SysWOW64\wusa.exewusa.exe "C:\Users\Admin\AppData\Local\Temp\Speedify\Windows6.1-KB3033929.msu"2⤵
- Drops file in Windows directory
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1a41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\Hotspot_Shield_11.0.1_20220325224930.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\notepad.exe"C:\Windows\System32\notepad.exe" C:\Users\Admin\AppData\Local\Temp\Hotspot_Shield_11.0.1_20220325224930.log1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot19" "" "" "61530dda3" "0000000000000000" "00000000000003A4" "0000000000000300"1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
-
C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"C:\Users\Admin\Desktop\New folder\SpeedifyInstaller.exe"1⤵
- Loads dropped DLL
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 968105F585BA0EDC2E9157538551D04B C2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding DB4D01DFACB1C2B2CFCE0088DFAAA0E9 C2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015MD5
06cceaeb3d5e9aefe3f41e4a3f6a9100
SHA1687f4a28471a0f4fcd9ad1bb2e8f61aa3cd386e5
SHA256dff5ff7100879d69cf1a93759000d0751d420e49161cc7551a603da571eebce8
SHA512a2e4660dd6bd8f134ca2c60a80e99795561337d45f2f703e0defe9eed4a6f0e4412bed7320ddf49967553b79b354aa5910fb6f747589596f02a8536f211e10e7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015MD5
08e32c42d49168e4727accb16ff00621
SHA192a592dd114ccdd867bc007447ad35d9086178be
SHA256693267cc9b0709cdb91abaf05f63f9dbeb425f3536e8ee84b4680e6758851281
SHA512d53e10446953e3aba46a0f4b14e7c0b3230996b9afd3cf77970196339e273128068ed6413a50c57d4d4151734dfcf43abd9e8bf1f6398edf6986a908a46c454c
-
C:\Users\Admin\AppData\Local\Temp\SpeedifyUnicodeInstall.txtMD5
14d1385ac4d8ac05f8e213cd1c34dfe6
SHA1c70470c228f9ada535eeaf52a490ff95106e5d36
SHA2567a46c33d3ac127cdef099c3130348b4491fa3a11cbdd9ad6e30b8680e19d9856
SHA5120a9e33e5e7b44721c69a2123c3f48f731d10e47ee5b9d9ce4437e92955de7dac190f6e30308c64249c01463522dba1bfd91ae9e597227f74f4dd02ef01d9897a
-
C:\Users\Admin\AppData\Local\Temp\SpeedifyUnicodeInstall.txtMD5
6cd77d6d94c9197efa9a53b5750f0cd8
SHA1779ad5b03f91cdf4d5c24fff351c8ddf123fe7c4
SHA25600d0c47414a22dd63054b86f50fb42451925ac9c6e2e2258c7d3b57c0a494dbc
SHA512b25ef90c135597034d0f7c9db565d710de1ead38f58d30c7a2168bd62db0e56ee9eb4fc625f30f9223dd4c224066f9c4a00145a5ce2e637b0629454fce20ef95
-
C:\Users\Admin\AppData\Local\Temp\SpeedifyUnicodeInstall.txtMD5
63b04b255afebc7c09ffc6561b17f3b9
SHA12a16dcc713b29b7806d03d1c709be95c81ef963c
SHA2562a5e7ceaba6f46e9d0d48f68a0a1db19c9d79bc348523001e587e8a73c7a2518
SHA5125d525508f371218e443c9544782c4fef4b887c029b1a1379f25bab320c7fbb277995a807345e47409c19d862083a61d355b8f73bd617ea526bcd0afa9b6e0245
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyInstaller.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyInstaller.exeMD5
ef874412f3c62915f8a1afbd2a66dfaf
SHA1999e9ad4cbcfc3e1e5934e7aafdabf0672fe37f9
SHA2561193755f11a8eb1c3f673aae00afc65cc17948ffac0e8908cb4f888ebd34db1c
SHA512629da2d362c08a917a15b7510c9f9c7d64020ac9aa41252300e7750f8695f64494eef9420f6ac9908bc5f0c989ab73544b49fe9a734d5557318253aed0953a5a
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyInstaller.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyShutdown.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyShutdown.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\Speedify\SpeedifyShutdown.exeMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Temp\Speedify\Windows6.1-KB3033929.msuMD5
87ff18974de76144206910d0d41a8ae5
SHA15c56222b0caf43030addc9ad262633fcbddfcd41
SHA2565318587007edb6c8b29310ff18da479a162b486b9101a7de735f94a70dbc3b31
SHA51210d9180affd860c26fa4022ab26e8640397f4006bbfd5ac4c50ac0ed9cb72a0e591a71ef071d2087893f3769e83f62f4d45674342653b7d44df421440b15a059
-
\??\pipe\crashpad_1584_IACNEXDBJWFDHYEMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\Users\Admin\AppData\Local\Temp\nse2628.tmp\INetC.dllMD5
40d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
\Users\Admin\AppData\Local\Temp\nse2628.tmp\System.dllMD5
cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
\Users\Admin\AppData\Local\Temp\nse2628.tmp\UAC.dllMD5
adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
\Users\Admin\AppData\Local\Temp\nse2628.tmp\nsExec.dllMD5
675c4948e1efc929edcabfe67148eddd
SHA1f5bdd2c4329ed2732ecfe3423c3cc482606eb28e
SHA2561076ca39c449ed1a968021b76ef31f22a5692dfafeea29460e8d970a63c59906
SHA51261737021f86f54279d0a4e35db0d0808e9a55d89784a31d597f2e4b65b7bbeec99aa6c79d65258259130eeda2e5b2820f4f1247777a3010f2dc53e30c612a683
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\INetC.dllMD5
40d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\INetC.dllMD5
40d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\INetC.dllMD5
40d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\INetC.dllMD5
40d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\System.dllMD5
cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
\Users\Admin\AppData\Local\Temp\nsg70EE.tmp\UAC.dllMD5
adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
\Users\Admin\AppData\Local\Temp\nskF04A.tmp\System.dllMD5
cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
\Users\Admin\AppData\Local\Temp\nskF04A.tmp\UAC.dllMD5
adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
\Users\Admin\AppData\Local\Temp\nsq1576.tmp\System.dllMD5
cff85c549d536f651d4fb8387f1976f2
SHA1d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
SHA2568dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
SHA512531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88
-
\Users\Admin\AppData\Local\Temp\nsq1576.tmp\UAC.dllMD5
adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
memory/524-100-0x00000000743B1000-0x00000000743B3000-memory.dmpFilesize
8KB
-
memory/524-98-0x0000000000000000-mapping.dmp
-
memory/656-187-0x0000000000000000-mapping.dmp
-
memory/1056-196-0x0000000000000000-mapping.dmp
-
memory/1688-54-0x0000000075D01000-0x0000000075D03000-memory.dmpFilesize
8KB
-
memory/1728-190-0x0000000000000000-mapping.dmp
-
memory/1780-142-0x000000013F307000-0x000000013F308000-memory.dmpFilesize
4KB
-
memory/1780-144-0x0000000000000000-mapping.dmp
-
memory/1780-143-0x000000013F307000-0x000000013F308000-memory.dmpFilesize
4KB
-
memory/1816-195-0x0000000000000000-mapping.dmp
-
memory/1976-189-0x0000000000000000-mapping.dmp
-
memory/1988-181-0x0000000000000000-mapping.dmp
-
memory/2012-89-0x0000000000000000-mapping.dmp
-
memory/2064-184-0x0000000000000000-mapping.dmp
-
memory/2084-159-0x0000000000000000-mapping.dmp
-
memory/2128-188-0x0000000000000000-mapping.dmp
-
memory/2136-151-0x0000000000000000-mapping.dmp
-
memory/2136-153-0x0000000074521000-0x0000000074523000-memory.dmpFilesize
8KB
-
memory/2140-185-0x0000000000000000-mapping.dmp
-
memory/2156-96-0x0000000000000000-mapping.dmp
-
memory/2176-180-0x0000000000000000-mapping.dmp
-
memory/2188-178-0x0000000000000000-mapping.dmp
-
memory/2220-165-0x0000000000000000-mapping.dmp
-
memory/2300-191-0x0000000000000000-mapping.dmp
-
memory/2308-176-0x0000000000000000-mapping.dmp
-
memory/2320-123-0x000000013F307000-0x000000013F308000-memory.dmpFilesize
4KB
-
memory/2320-124-0x0000000000000000-mapping.dmp
-
memory/2320-122-0x000000013F307000-0x000000013F308000-memory.dmpFilesize
4KB
-
memory/2320-147-0x00000000002F0000-0x0000000000330000-memory.dmpFilesize
256KB
-
memory/2320-148-0x0000000000330000-0x0000000000370000-memory.dmpFilesize
256KB
-
memory/2320-158-0x00000000002F0000-0x0000000000330000-memory.dmpFilesize
256KB
-
memory/2324-103-0x0000000000000000-mapping.dmp
-
memory/2452-101-0x0000000000000000-mapping.dmp
-
memory/2548-104-0x0000000000000000-mapping.dmp
-
memory/2560-161-0x0000000000000000-mapping.dmp
-
memory/2580-193-0x0000000000000000-mapping.dmp
-
memory/2668-183-0x0000000000000000-mapping.dmp
-
memory/2700-93-0x00000000743C1000-0x00000000743C3000-memory.dmpFilesize
8KB
-
memory/2700-91-0x0000000000000000-mapping.dmp
-
memory/2736-94-0x0000000000000000-mapping.dmp
-
memory/2748-154-0x0000000000000000-mapping.dmp
-
memory/2812-163-0x0000000000000000-mapping.dmp
-
memory/2840-149-0x0000000000000000-mapping.dmp
-
memory/2856-186-0x0000000000000000-mapping.dmp
-
memory/2864-156-0x0000000000000000-mapping.dmp
-
memory/2888-168-0x0000000000000000-mapping.dmp
-
memory/2892-146-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmpFilesize
8KB
-
memory/2896-172-0x0000000000000000-mapping.dmp
-
memory/2896-174-0x0000000074181000-0x0000000074183000-memory.dmpFilesize
8KB
-
memory/2936-194-0x0000000000000000-mapping.dmp
-
memory/2980-192-0x0000000000000000-mapping.dmp
-
memory/2992-182-0x0000000000000000-mapping.dmp
-
memory/3020-62-0x0000000000000000-mapping.dmp