Analysis
-
max time kernel
557s -
max time network
551s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
29-11-2022 08:00
General
-
Target
https://drive.google.com/uc?id=1cftqZwMjx3KPo1xvuOaPBeO3QVZYxza9
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Registers COM server for autorun 1 TTPs 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 7 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 32 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://drive.google.com/uc?id=1cftqZwMjx3KPo1xvuOaPBeO3QVZYxza91⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1a3d4f50,0x7ffe1a3d4f60,0x7ffe1a3d4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1632 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2344 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4236 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5368 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4272 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3252 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4744 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5292 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,15257866929709585495,1627901948093630768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2108 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"1⤵
-
C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe1a3d4f50,0x7ffe1a3d4f60,0x7ffe1a3d4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1656 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4388 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4516 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5032 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2780 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5196 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5328 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 /prefetch:82⤵
-
C:\Users\Admin\Downloads\dxwebsetup.exe"C:\Users\Admin\Downloads\dxwebsetup.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\dxwsetup.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_24_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_25_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_26_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_27_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_28_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_29_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_0.dll4⤵
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_30_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_1_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_1.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe xinput1_1_x64.inf, Install_Driver4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_2_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_2.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe xinput1_2_x64.inf, Install_Driver4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_3_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_3.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_31_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_4_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_4.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_32_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_00_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_5_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_5.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_6_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_6.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_33_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_33_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_7_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_7.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe xinput1_3_x64.inf, Install_Driver4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_34_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_34_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_8_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_8.dll4⤵
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_35_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_35_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_9_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_9.dll4⤵
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx9_36_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_36_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_2_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT2_10_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine2_10.dll4⤵
- Registers COM server for autorun
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_37_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_37_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_3_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_0_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_0.dll4⤵
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_0_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_0.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_38_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_38_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_4_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_1_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_1.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_1_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_1.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_39_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_39_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_2_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_2.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_2_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_2.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_5_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_3_x64.inf4⤵
- Executes dropped EXE
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_3.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_3_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_3.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_40_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_40_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_6_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_4_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_4.dll4⤵
- Registers COM server for autorun
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_4_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_4.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_41_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_41_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_42_x64.inf4⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_42_x64.inf4⤵
- Executes dropped EXE
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx11_42_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dcsx_42_x64.inf4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DCompiler_42_x64.inf4⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_5_x64.inf4⤵
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_5.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_5_x64.inf4⤵
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_5.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe X3DAudio1_7_x64.inf4⤵
- Drops file in System32 directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_6_x64.inf4⤵
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_6.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_6_x64.inf4⤵
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_6.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DX9_43_x64.inf4⤵
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx10_43_x64.inf4⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dx11_43_x64.inf4⤵
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe d3dcsx_43_x64.inf4⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe D3DCompiler_43_x64.inf4⤵
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XACT3_7_x64.inf4⤵
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\xactengine3_7.dll4⤵
- Registers COM server for autorun
-
C:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exeC:\Users\Admin\AppData\Local\Temp\DX4862.tmp\infinst.exe XAudio2_7_x64.inf4⤵
- Drops file in System32 directory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe /s C:\Windows\system32\XAudio2_7.dll4⤵
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1636,16714106840033332038,10191314340082784356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5560 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"1⤵
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3144_871166837\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir3144_871166837\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={d0bf75b7-ad9b-4b69-941e-410478e56f9d} --system2⤵
- Executes dropped EXE
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"C:\Users\Admin\Desktop\SDT2 0.1.0\SDT2.exe"1⤵
-
C:\Users\Admin\Desktop\SDT2 0.1.0\Sex_Simulator\Binaries\Win64\Sex_Simulator-Win64-Shipping.exe"C:\Users\Admin\Desktop\SDT2 0.1.0\Sex_Simulator/Binaries/Win64/Sex_Simulator-Win64-Shipping.exe" Sex_Simulator2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD52141e916c95cfa9ad154136321e16bab
SHA1e5eca565f7d6e04aacb92e2d334f0dbf39c799b0
SHA256dadff5e5eaa502c91cf8cc77b20dbd3b166efcf1f4f39536d98e73121895d275
SHA5120b59ccda76d76ab5142273153d4a57bbd8eb112b3d2c46d08448113fb0fb178c5927d5855d33e43dc3376c9196dde6c924bbf021b914363c2d7e2f931b2c07a7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.logFilesize
399B
MD5a15ac2782bb6b4407d11979316f678fd
SHA1b64eaf0810e180d99b83bba8e366b2e3416c5881
SHA25655f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a
SHA512370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOGFilesize
314B
MD50cb0ae21be5321f657132437a94db012
SHA1c007e5610cd90a928bc706c000771a3e1bc94e84
SHA256aa46ee9b14e33900ae97252a75f39e3b693aba49862dd091ec881429031d16b7
SHA512217541d8a80f316a523921f5340e6f9ae1cf2fc25d7e0d5d2971503d1908e8f61fcd060bfc278790846bc5a89938b93af58b1e3f2163113fc0e942410c6f68de
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.jsonFilesize
10KB
MD590f880064a42b29ccff51fe5425bf1a3
SHA16a3cae3996e9fff653a1ddf731ced32b2be2acbf
SHA256965203d541e442c107dbc6d5b395168123d0397559774beae4e5b9abc44ef268
SHA512d9cbfcd865356f19a57954f8fd952caf3d31b354112766c41892d1ef40bd2533682d4ec3f4da0e59a5397364f67a484b45091ba94e6c69ed18ab681403dfd3f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\verified_contents.jsonFilesize
7KB
MD50834821960cb5c6e9d477aef649cb2e4
SHA17d25f027d7cee9e94e9cbdee1f9220c8d20a1588
SHA25652a24fa2fb3bcb18d9d8571ae385c4a830ff98ce4c18384d40a84ea7f6ba7f69
SHA5129aeafc3ece295678242d81d71804e370900a6d4c6a618c5a81cacd869b84346feac92189e01718a7bb5c8226e9be88b063d2ece7cb0c84f17bb1af3c5b1a3fc4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD53f787ae4f4670f134548bbcb45f01e17
SHA162a3eed1197c1bb47ffe719f009d61c420c79247
SHA2569d4264f8b4629f422af74b174d7940ecfb1ae5a02bb15dec95d2ec51275cf21c
SHA5121e72204a5e15dc1c28a6349cd0a817d03b4fe5c3aa5cbcc85355e4179ec775171a671b0318019beaa607820979a7b3b83d4d38b7aa1edc4f113e3697bb6184d6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\HistoryFilesize
116KB
MD59e734e29bd2f7a7802eec88eef5532ef
SHA1e9cdf2a41c98d4438a5402cb9388b88c28fd12a1
SHA256e796d8d3b04a73771105c5f8b8b4c39d430155ffa28fcff0ff38d9dd2997d19e
SHA512eb9a39810206f8447b7f56b0176a971028342ab81c729ed7d067e3c2fdf72180481e4c5122b8efecff4fed5fbf07242460f8cc8d6c03edc367d557ea736d3120
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGFilesize
329B
MD56024980e6136cbe9664a8fa0fd60baeb
SHA17ae0b39633f29ddf551b9fd0ed9fe2678f80a649
SHA256ce4b15dcdd3cf5c809d1338ddacc7be2afdf64bd37de609597975bcb61859a7e
SHA5126ddb9dece3bf18e8b8da96441792820e155ceb94f17ccdd11da38ea9b681e3ad701a18504b3399fd6209c21ccb85cac74c561b43f0332b7a01f0b26ba753303f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOGFilesize
331B
MD523cc49094b3cfa9b3f761f2de5ad2ffc
SHA17a5e4399df2028a181a3e446595c55011153ec5c
SHA2560a168954afcda86f831af7d12883f2122dad2cbb9d4bd734a5b72c6c642bcc87
SHA5125aa772b4126254d3c9996643592805fd630c7344682b884f3591c6ac4e1271892d90931f952239ff074f306373c6004785f3e671b0ced408768c259d848204d7
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD56783ba7300642b4a346614c8aa9bb2c3
SHA13385a2f4d3169506b79730a20518f30709454c11
SHA256ddc5b05a95db0ebf5fec8783761c46ed0c05f04e5fbb162a08d652dbe62be64f
SHA512e3dd7e51dd6c475e00252289607f1042f21f6d44734e297fe21d75de1d530a3ea3fcc576c2b18261d0ef907521e49c249883a92b23284cd7e58abd0f75351500
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferredAppsFilesize
33B
MD52b432fef211c69c745aca86de4f8e4ab
SHA14b92da8d4c0188cf2409500adcd2200444a82fcc
SHA25642b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de
SHA512948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
17KB
MD5031108e03f9753f783e337b0da4e2138
SHA10bc03bd8d386a50c3c7295985172d36c0bb64663
SHA256cdcfddb987e74c52e82568ad2ffeb942711b49168c1adbd8b84cf25c13651217
SHA5128a320711ec6f2a4c3860757ab8bff849903fe311a1ef48d72ecad4261456152a373f910d5ae55ae2543f73d2271dcf7189377d943278a590729ad42dd995d748
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.logFilesize
194B
MD5d7d9437445aa960dcea52ffe772822dc
SHA1c2bbf4ac0732d905d998c4f645fd60f95a675d02
SHA2564ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1
SHA512335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOGFilesize
314B
MD5d1a2087aff309561890fbcd47ecb7fd0
SHA1de56c3857c19bed764da81b1bbc3c24fc2a02b4e
SHA256c61436643f4690d393e793a81d19ff6ff2c4e0699635ae121f4e7b3c7a203d00
SHA51278191e2f709eb779f92ff74f2877c3ca60fbefa49fb54055074118b58384d1e8f38775fd5977d9fde42b7d29fbe8618c358d5300838847cd0e06bbd3475e2746
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13314182465983189Filesize
1KB
MD58769c9701da396054c82e8ec0f9d2ebf
SHA1cd4718fec1ed16adf637cc36a2bef0146914722f
SHA2564ca91ea047d1e30f1236940044267258d85ad8038973fec50b96ee36ce319b0b
SHA5120ecce7194359a688f81118b7eda85d9db1ad76329c1ade5ae223b611ff4e8fd49b2c30f4796fecd5f4c772125ae630f6a386700287e1372529b5ef5c77ffb56b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.logFilesize
112B
MD545acf5fede04b79fa963d2cc9c08268c
SHA19236bbdb1e00b43cb2917e4c212bb35d4204460f
SHA25677ae846ec4d0b9ee3bce39e5adca3c38f57b8fa424b85eed99cabe3c6571e0f4
SHA5120481f0770b0a92e6aacce0ad05b944dac0d13f2ba8a41e49b39ff6b3163bfd6c152e85f155e63fa2e640d3e4f479f8575dc23cd68efb30896f766f3e4dd86faf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOGFilesize
345B
MD5827b2a777b2d3c437e65e5feea448aa6
SHA125480d21247b53cf5ca83c88e518c684d2b0dac3
SHA2563fe0c775b6b453b1c159f940d5661ae9d23b09ed7fb3ac65a91d60c20020207e
SHA512d83b7c2354a8a8a5afb25a023eeb548f2a11a3e57d3f62c3385d00c9da1e789afd69b2e31b9c00fd95032cfbb57e369f88e23be9c49649746ba764edd4db660c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logFilesize
160B
MD5de92ad90be6d3364745b2f73f4c3cf73
SHA19158681463bd30e5af4dda4baac81f93cedbda77
SHA2560025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0
SHA5129e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGFilesize
321B
MD52310d89c2da67124847399abcc3ad522
SHA1af037998f2daea7b493914c53a3feba22409514d
SHA25656dd2498bee72e471abe756c90703159739cbb60c0b492d21cc5d471d8264b80
SHA512cbd1fbfe10d8345b9a25ed264024980deb529f508f9f9d7ec5708b1975218bab0c37afa031051cfa1f94be728901e6a1ea3bcf620bec78e471631897246fcfd8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited LinksFilesize
128KB
MD5f639f718acdd3bf682703e6d07686d38
SHA1248ccec0a73af00f000e9507f12fc855ea43e5e6
SHA25653828b4103bd45fc3aef3cc0ac87023c78a42ee334ccc7d29250116bc24d5a64
SHA51237ced58f91e1db2e9100b99419af905398430f4d4114cb99b47f5a0057a9a7963e37bc0d1898743b04654a4cd0983ed63e92204199097911df73799dd178a0f3
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOGFilesize
46B
MD53827c8c524f3f520898fabef0863d88f
SHA18ca48eb45bb9f8631f2c6de16376b6f29b0c58c0
SHA256beaa045d94af153c83ca74cb834fa2518f42cb346cfb66fd0d42e58063ba850f
SHA512fdde205ebe72a296d5a124fa9a9c2aee4c0b54f9f4b1accac5196879e585fc2c81d6f3b0d44b659a3a4c373f22d9ead75eb179c344dbfba79c5a39befadd87c4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5f77c4cce18038e0f5e7e1cbc53725c05
SHA1ec92a771be91378d0dd19059a09ac7d350fb9abf
SHA256988743d19b53f68bc1806d2a8f3eaec7786a8df700a2567d3df4304f9c2675c7
SHA5122b55b402a5abe38b1d239384cc4edf017c3453367c7eb13d2d9fc8f2e37acd1f917e1b4f5803d42e0b18e114dafd07b6eb3859b5a3176e4885eb7725e03d1821
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last VersionFilesize
13B
MD5b63048c4e7e52c52053d25da30d9c5ab
SHA1679a44d402f5ec24605719e06459f5a707989187
SHA256389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
107KB
MD528f225fdc9612c985eb14cc32b144312
SHA152a8542a6b04301f77941697fd5821f231a3e01f
SHA2563060b6733ee81dd70ed649c63e3c902cbf62283402aa0adf3188c5d9353181e3
SHA51235c45a00365fa0d3f6334926f90f54dfc75a4362f1c9889ae245ce61ca7d05fda4ab07673ee95a42db13bf8856799580cb613f8397bac1ebb395b1b5fd914f66
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips\2894\manifest.fingerprintFilesize
66B
MD54b7dbca45e28dcedadf7ee53cdb88f09
SHA197691b53cd7e1b378b4ac06db1efe64e5607899b
SHA256c645698cd7095cc6253da06b31e21bc2f5453e336b87204f3878380bdf6d5bde
SHA512dec86fb3e5001eadfdde552206e9f69a032085a881c4ae460849ef11de15bbed95f14fd603a29bbab77dec3354f7abb68b9c338df74f1345a342344756de612b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SafetyTips\2894\manifest.jsonFilesize
72B
MD5a64364e707de0971a97c3e5b7c1c9082
SHA1ae886bb8078cc83387ed404f1d07e2c840196a79
SHA25600b6b7a19869c945401c4982c83e4b039743f327ffbb164822783f2ce612de40
SHA512b7d34e53c27963c163e317cc0c77b6e0c1c6ece06268519fd32d287ed0b291c13b0d5a4cc87cc652c123d74e7685b36749e89c626bc55fe8b72765808519483a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD56bafae0137e3e8f99b181c343f96bb34
SHA1087bb3c304842fadd4c6410b8bcbc3216794d96c
SHA256c90fbd93e7a8e6db1b6aa8221d9d2b9e77d29b62f7b60c4ae0494fae2ea24dc3
SHA512dec209719d8ba0d5eecc376560b0e55261aec9edb7dc8bc2bab0b6942da2150bc8710db09770d5c35cc14ff4a359fbbfdbb680d0d10ac6ed395c1343c8ba6ec8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.41.0\Ruleset DataFilesize
149KB
MD5ab5d6dc1de506209301837e42c5fae25
SHA1d17f6eb616031b971e9b82334f63157031e1dff7
SHA256b7b0a93637e7816af4d0eda530c8f7591bd61283ae5fdb22d2295f1bdd9f533d
SHA512a70cd41a582cc09fe2c72f123545261a2130e7bd105ac04f76331b73607f9a4a27bc10e565cb43e7b2cd27d1e616a355ef79c1010f7ccb85eff67fae33aaa6a0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.41.0\manifest.fingerprintFilesize
66B
MD525b4a4b1b8ba29ebac0980e36183c068
SHA1125226bab315c2d17434f259e79ee4987fa691dc
SHA256985b93e0e2399b5e6c63b62e1a998c4c92b630644baeb33d717c84e58cb68b87
SHA512fa22b53a233c1dd01a2e34704c0263cdc933a654a96b57520f2315c9a6fbdac12d4f544fa9b171cbcd6af63306309e7ed23ea93b88b1d8e279eeff1b8da5a2d1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Subresource Filter\Unindexed Rules\9.41.0\manifest.jsonFilesize
114B
MD59e1208bf9f524e07634644780904b571
SHA1b81ba1a8ccc175c183bb27b883787bc3778328f2
SHA25693ffaf90efcb48dfa95ad1567077941191ed025b7eda1e11f60bee2985336343
SHA512e67c529bb1bf46d3472ed6b746df9ee3958cb768bb04e8a018d07f73ce10ce3d8d9c42f1f34af96b4de4d8159c32d7bf41b4580813c536cc4c957c2c41352fea
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txtFilesize
4B
MD50399c3649556fd491299c8698e5b434e
SHA14e43775f7fac8bb6d62b04b482129d790cd44322
SHA256248c4640b7971d5ea83662a25d3cba1b80bef19c821245d77889314fdd0eae20
SHA512ab41d2f0620b5bf247aa57303f9a82ca2c8c18d34aa85138742f4670de16e8eedbed00803e25eafc8b957dd87b88e700050278a0f5962a0df87cad9f14b966dc
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.aclFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dicFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.excFilesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\crashpad_2952_TOOQJNKIDFTAEYOMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_4780_TMZDMUQPOKWBFBIYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/224-191-0x0000000000000000-mapping.dmp
-
memory/516-194-0x00000000006D1000-0x0000000000722000-memory.dmpFilesize
324KB
-
memory/516-193-0x00000000006D0000-0x000000000072E000-memory.dmpFilesize
376KB
-
memory/516-192-0x0000000000000000-mapping.dmp
-
memory/1060-230-0x0000000000000000-mapping.dmp
-
memory/1068-210-0x0000000000000000-mapping.dmp
-
memory/1108-209-0x0000000000000000-mapping.dmp
-
memory/1112-201-0x0000000000000000-mapping.dmp
-
memory/1200-228-0x0000000000000000-mapping.dmp
-
memory/1336-176-0x0000000000000000-mapping.dmp
-
memory/1404-221-0x0000000000000000-mapping.dmp
-
memory/1420-223-0x0000000000000000-mapping.dmp
-
memory/1440-181-0x0000000000000000-mapping.dmp
-
memory/1516-184-0x0000000000000000-mapping.dmp
-
memory/1560-187-0x0000000000000000-mapping.dmp
-
memory/1560-188-0x0000000001D80000-0x0000000001DDE000-memory.dmpFilesize
376KB
-
memory/1560-189-0x0000000001D81000-0x0000000001DD2000-memory.dmpFilesize
324KB
-
memory/1640-215-0x0000000000000000-mapping.dmp
-
memory/1760-218-0x0000000000000000-mapping.dmp
-
memory/1760-220-0x00000000007F1000-0x000000000084C000-memory.dmpFilesize
364KB
-
memory/1760-219-0x00000000007F0000-0x0000000000859000-memory.dmpFilesize
420KB
-
memory/1768-227-0x0000000000000000-mapping.dmp
-
memory/1860-199-0x0000000000000000-mapping.dmp
-
memory/1960-222-0x0000000000000000-mapping.dmp
-
memory/2044-237-0x0000000000000000-mapping.dmp
-
memory/2100-198-0x0000000000000000-mapping.dmp
-
memory/2324-224-0x0000000000000000-mapping.dmp
-
memory/2348-178-0x0000000000000000-mapping.dmp
-
memory/2364-195-0x0000000000000000-mapping.dmp
-
memory/2420-185-0x0000000000000000-mapping.dmp
-
memory/2460-171-0x0000000000000000-mapping.dmp
-
memory/2516-236-0x0000000000000000-mapping.dmp
-
memory/2704-196-0x0000000000000000-mapping.dmp
-
memory/2980-169-0x0000000000000000-mapping.dmp
-
memory/3080-174-0x0000000000000000-mapping.dmp
-
memory/3180-226-0x0000000000000000-mapping.dmp
-
memory/3208-173-0x0000000000000000-mapping.dmp
-
memory/3256-213-0x0000000000000000-mapping.dmp
-
memory/3284-235-0x0000000000000000-mapping.dmp
-
memory/3392-234-0x0000000000000000-mapping.dmp
-
memory/3456-172-0x0000000000000000-mapping.dmp
-
memory/3492-204-0x0000000000000000-mapping.dmp
-
memory/3516-186-0x0000000000000000-mapping.dmp
-
memory/3548-232-0x0000000000000000-mapping.dmp
-
memory/3572-179-0x0000000000000000-mapping.dmp
-
memory/3616-212-0x0000000000000000-mapping.dmp
-
memory/3692-208-0x0000000000000000-mapping.dmp
-
memory/3748-225-0x0000000000000000-mapping.dmp
-
memory/3976-203-0x0000000000000000-mapping.dmp
-
memory/3984-190-0x0000000000000000-mapping.dmp
-
memory/3992-214-0x0000000000000000-mapping.dmp
-
memory/4064-233-0x0000000000000000-mapping.dmp
-
memory/4092-205-0x0000000000000000-mapping.dmp
-
memory/4160-216-0x0000000000000000-mapping.dmp
-
memory/4168-182-0x0000000000000000-mapping.dmp
-
memory/4216-229-0x0000000000000000-mapping.dmp
-
memory/4376-207-0x0000000000000000-mapping.dmp
-
memory/4420-183-0x0000000000000000-mapping.dmp
-
memory/4464-180-0x0000000000000000-mapping.dmp
-
memory/4484-175-0x0000000000000000-mapping.dmp
-
memory/4492-200-0x0000000000000000-mapping.dmp
-
memory/4528-217-0x0000000000000000-mapping.dmp
-
memory/4672-211-0x0000000000000000-mapping.dmp
-
memory/4736-177-0x0000000000000000-mapping.dmp
-
memory/4792-231-0x0000000000000000-mapping.dmp
-
memory/4944-170-0x0000000000000000-mapping.dmp
-
memory/4976-202-0x0000000000000000-mapping.dmp
-
memory/5004-168-0x0000000000000000-mapping.dmp
-
memory/5036-197-0x0000000000000000-mapping.dmp
-
memory/5060-206-0x0000000000000000-mapping.dmp