Analysis Overview
SHA256
dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277
Threat Level: Known bad
The file dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277 was found to be: Known bad.
Malicious Activity Summary
DcRat
Djvu Ransomware
SmokeLoader
Detected Djvu ransomware
Vidar
Detects Smokeloader packer
Drops file in Drivers directory
Executes dropped EXE
Downloads MZ/PE file
Blocklisted process makes network request
Checks computer location settings
Modifies file permissions
Reads user/profile data of web browsers
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Drops Chrome extension
Accesses 2FA software files, possible credential harvesting
Checks installed software on the system
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious behavior: GetForegroundWindowSpam
outlook_office_path
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
outlook_win_path
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-11-30 14:30
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2022-11-30 14:30
Reported
2022-11-30 14:33
Platform
win10v2004-20220812-en
Max time kernel
148s
Max time network
153s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\672ef38f-4003-4f93-8428-352e37773754\\3A3F.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Smokeloader packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
SmokeLoader
Vidar
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2319.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2433.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3423.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E100.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of web browsers
Accesses 2FA software files, possible credential harvesting
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\SysWOW64\explorer.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\672ef38f-4003-4f93-8428-352e37773754\\3A3F.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks installed software on the system
Drops Chrome extension
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\manifest.json | C:\Users\Admin\AppData\Local\Temp\201B.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4424 set thread context of 2536 | N/A | C:\Users\Admin\AppData\Local\Temp\201B.exe | C:\Users\Admin\AppData\Local\Temp\201B.exe |
| PID 3064 set thread context of 3604 | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | C:\Users\Admin\AppData\Local\Temp\3A3F.exe |
| PID 3664 set thread context of 1456 | N/A | C:\Users\Admin\AppData\Local\Temp\3A3F.exe | C:\Users\Admin\AppData\Local\Temp\3A3F.exe |
| PID 1084 set thread context of 2304 | N/A | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\7fb7ef67-5cb4-4518-8c6d-028f6bf83381.tmp | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221130153159.pma | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\2433.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\3423.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\E100.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\2319.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\2319.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\2319.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | C:\Windows\SysWOW64\rundll32.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision | C:\Windows\SysWOW64\rundll32.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | N/A | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2319.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\SysWOW64\explorer.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Windows\SysWOW64\explorer.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe
"C:\Users\Admin\AppData\Local\Temp\dd25763298b89f56a6cc512b95120943cbf668b41655c3b04810d64775d10277.exe"
C:\Users\Admin\AppData\Local\Temp\201B.exe
C:\Users\Admin\AppData\Local\Temp\201B.exe
C:\Users\Admin\AppData\Local\Temp\2319.exe
C:\Users\Admin\AppData\Local\Temp\2319.exe
C:\Users\Admin\AppData\Local\Temp\2433.exe
C:\Users\Admin\AppData\Local\Temp\2433.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4512 -ip 4512
C:\Users\Admin\AppData\Local\Temp\201B.exe
C:\Users\Admin\AppData\Local\Temp\201B.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 344
C:\Users\Admin\AppData\Local\Temp\3423.exe
C:\Users\Admin\AppData\Local\Temp\3423.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://search-syt.com/reginst/prg/8573ee94/102/0/"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://search-syt.com/reginst/prg/8573ee94/102/0/"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc188146f8,0x7ffc18814708,0x7ffc18814718
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\37FC.dll
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc18934f50,0x7ffc18934f60,0x7ffc18934f70
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4828 -ip 4828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 344
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\37FC.dll
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1744 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2928 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\672ef38f-4003-4f93-8428-352e37773754" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3972 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
"C:\Users\Admin\AppData\Local\Temp\3A3F.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
"C:\Users\Admin\AppData\Local\Temp\3A3F.exe" --Admin IsNotAutoStart IsNotTask
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3128 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe
"C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe"
C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe
"C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe"
C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build3.exe
"C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build3.exe"
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7a5c75460,0x7ff7a5c75470,0x7ff7a5c75480
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Windows\SysWOW64\schtasks.exe
/C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Network\mstsca.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Users\Admin\AppData\Local\1134118f-82ec-4bb1-8103-bfaa580997c0\build2.exe" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 6
C:\Users\Admin\AppData\Local\Temp\E100.exe
C:\Users\Admin\AppData\Local\Temp\E100.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:8
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Serpodtudpwhhta.dll,start
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 5300 -ip 5300
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 484
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1620,2274977445751620010,14002508764383728476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2216,5443469366129677414,1654108605735618255,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4952 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| N/A | 87.248.202.1:80 | tcp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 209.197.3.8:80 | tcp | |
| N/A | 178.79.208.1:80 | tcp | |
| N/A | 8.8.8.8:53 | furubujjul.net | udp |
| N/A | 91.195.240.101:80 | furubujjul.net | tcp |
| N/A | 52.242.101.226:443 | tcp | |
| N/A | 20.189.173.4:443 | tcp | |
| N/A | 8.8.8.8:53 | starvestitibo.org | udp |
| N/A | 193.106.191.15:80 | starvestitibo.org | tcp |
| N/A | 8.8.8.8:53 | careers-info.com | udp |
| N/A | 167.235.4.117:443 | careers-info.com | tcp |
| N/A | 77.73.131.124:80 | 77.73.131.124 | tcp |
| N/A | 87.248.202.1:80 | tcp | |
| N/A | 87.248.202.1:80 | tcp | |
| N/A | 87.248.202.1:80 | tcp | |
| N/A | 8.8.8.8:53 | api.2ip.ua | udp |
| N/A | 162.0.217.254:443 | api.2ip.ua | tcp |
| N/A | 8.8.8.8:53 | starvestitibo.org | udp |
| N/A | 193.106.191.15:80 | starvestitibo.org | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| N/A | 8.8.8.8:53 | search-syt.com | udp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 8.8.8.8:53 | accounts.google.com | udp |
| N/A | 172.217.168.237:443 | accounts.google.com | tcp |
| N/A | 172.217.168.237:443 | accounts.google.com | tcp |
| N/A | 8.8.8.8:53 | dns.google | udp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.86.249.62:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.8.8:53 | ntp.msn.com | udp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.4.4:443 | dns.google | tcp |
| N/A | 8.8.8.8:53 | smartscreen-prod.microsoft.com | udp |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 142.250.179.131:443 | ssl.gstatic.com | tcp |
| N/A | 142.251.36.46:443 | google.com | tcp |
| N/A | 142.251.36.46:443 | tcp | |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 142.250.179.142:443 | apis.google.com | tcp |
| N/A | 162.0.217.254:443 | api.2ip.ua | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 131.253.33.200:443 | tcp | |
| N/A | 8.8.8.8:53 | fresherlights.com | udp |
| N/A | 8.8.8.8:53 | uaery.top | udp |
| N/A | 142.251.36.46:443 | google.com | tcp |
| N/A | 142.251.36.46:443 | tcp | |
| N/A | 8.8.8.8:53 | nav.smartscreen.microsoft.com | udp |
| N/A | 20.82.250.189:443 | nav.smartscreen.microsoft.com | tcp |
| N/A | 23.73.0.158:443 | assets.msn.com | tcp |
| N/A | 23.73.0.158:443 | assets.msn.com | tcp |
| N/A | 23.73.0.158:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 189.156.139.211:80 | uaery.top | tcp |
| N/A | 181.94.48.228:80 | fresherlights.com | tcp |
| N/A | 204.79.197.200:443 | tcp | |
| N/A | 20.234.93.27:443 | tcp | |
| N/A | 23.72.252.155:443 | tcp | |
| N/A | 65.9.86.81:443 | tcp | |
| N/A | 8.8.8.8:53 | dowe.at | udp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 204.79.197.239:443 | tcp | |
| N/A | 204.79.197.239:443 | tcp | |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 142.250.179.142:443 | apis.google.com | tcp |
| N/A | 31.220.1.81:443 | search-syt.com | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 181.94.48.228:80 | fresherlights.com | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 8.8.8.8:53 | t.me | udp |
| N/A | 149.154.167.99:443 | t.me | tcp |
| N/A | 116.203.0.170:80 | 116.203.0.170 | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 123.253.32.170:80 | 123.253.32.170 | tcp |
| N/A | 8.238.20.254:80 | tcp | |
| N/A | 23.51.68.110:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 8.238.20.254:80 | tcp | |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 212.203.228.42:80 | tcp | |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 142.250.179.195:443 | update.googleapis.com | tcp |
| N/A | 8.8.8.8:53 | edgedl.me.gvt1.com | udp |
| N/A | 34.104.35.123:80 | edgedl.me.gvt1.com | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 204.79.197.239:443 | tcp | |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 172.93.193.231:443 | 172.93.193.231 | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 189.156.139.211:80 | dowe.at | tcp |
| N/A | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| N/A | 152.199.19.161:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 8.8.4.4:443 | dns.google | udp |
| N/A | 142.250.179.131:443 | beacons.gcp.gvt2.com | tcp |
| N/A | 172.217.168.227:443 | beacons.gvt2.com | tcp |
| N/A | 172.217.168.227:443 | udp | |
| N/A | 142.250.179.195:443 | udp |
Files
memory/384-132-0x000000000077D000-0x000000000078D000-memory.dmp
memory/384-133-0x00000000005F0000-0x00000000005F9000-memory.dmp
memory/384-134-0x0000000000400000-0x0000000000464000-memory.dmp
memory/384-135-0x0000000000400000-0x0000000000464000-memory.dmp
memory/4424-136-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\201B.exe
| MD5 | 47ad5d71dcd38f85253d882d93c04906 |
| SHA1 | 941ef208fb34ff9a3b25f7a325fcd0a44eacaaaf |
| SHA256 | 6ba14148ff3ce0ee93f4d2641677ac454aa0187821cba41c8eb03212a8c04fe2 |
| SHA512 | 75291bdf369e90b76d7c15a45c3532f751e82a7acde205af1c019775e1138833cea32652fe940cc98e3a491f2c3677c45d58933c7e2ea55f089e99f2133dd0d0 |
C:\Users\Admin\AppData\Local\Temp\2319.exe
| MD5 | b1c37576637b9f2864e0797119d3192d |
| SHA1 | eca7a612473bf914b5e8314173c5d7f21a3d0402 |
| SHA256 | d9ac58833f8680fb3cad7bb12f9bd82b07a934e230b9ad4c92c098452e56b5f4 |
| SHA512 | eb231c9e480b82f4c159f31a1f2458822f1b260a218af8332d3bfa686b675c71c2cf34885c9b7aee8530a073a406baf2fbb02ff24465a99940571c121717fba2 |
memory/4924-138-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\2319.exe
| MD5 | b1c37576637b9f2864e0797119d3192d |
| SHA1 | eca7a612473bf914b5e8314173c5d7f21a3d0402 |
| SHA256 | d9ac58833f8680fb3cad7bb12f9bd82b07a934e230b9ad4c92c098452e56b5f4 |
| SHA512 | eb231c9e480b82f4c159f31a1f2458822f1b260a218af8332d3bfa686b675c71c2cf34885c9b7aee8530a073a406baf2fbb02ff24465a99940571c121717fba2 |
C:\Users\Admin\AppData\Local\Temp\2433.exe
| MD5 | 627c6b5db128a8979a15c2c44c61c638 |
| SHA1 | c647dba63fa8072c4463d03eea0d9f806b7baa1d |
| SHA256 | 2313f2c77c1d900ea6b55f12c161602999026b6d51ff2d747638cc3b29e95b13 |
| SHA512 | 82ccb403c51fecc366f49065957b5a4a065d83026a325170030eab699b234f3484a912e8f1476ea94843683805f32d4918c30a130d2403910df547caaec1a003 |
C:\Users\Admin\AppData\Local\Temp\2433.exe
| MD5 | 627c6b5db128a8979a15c2c44c61c638 |
| SHA1 | c647dba63fa8072c4463d03eea0d9f806b7baa1d |
| SHA256 | 2313f2c77c1d900ea6b55f12c161602999026b6d51ff2d747638cc3b29e95b13 |
| SHA512 | 82ccb403c51fecc366f49065957b5a4a065d83026a325170030eab699b234f3484a912e8f1476ea94843683805f32d4918c30a130d2403910df547caaec1a003 |
memory/4512-141-0x0000000000000000-mapping.dmp
memory/4924-144-0x000000000072D000-0x000000000073D000-memory.dmp
memory/4924-145-0x0000000000570000-0x0000000000579000-memory.dmp
memory/4924-146-0x0000000000400000-0x0000000000464000-memory.dmp
memory/2536-147-0x0000000000000000-mapping.dmp
memory/2536-148-0x0000000000400000-0x00000000007DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\201B.exe
| MD5 | 47ad5d71dcd38f85253d882d93c04906 |
| SHA1 | 941ef208fb34ff9a3b25f7a325fcd0a44eacaaaf |
| SHA256 | 6ba14148ff3ce0ee93f4d2641677ac454aa0187821cba41c8eb03212a8c04fe2 |
| SHA512 | 75291bdf369e90b76d7c15a45c3532f751e82a7acde205af1c019775e1138833cea32652fe940cc98e3a491f2c3677c45d58933c7e2ea55f089e99f2133dd0d0 |
memory/4512-151-0x0000000000400000-0x0000000000458000-memory.dmp
memory/4424-154-0x0000000004D40000-0x000000000510F000-memory.dmp
memory/4424-153-0x0000000004B7D000-0x0000000004D38000-memory.dmp
memory/2536-152-0x0000000000400000-0x00000000007DC000-memory.dmp
memory/4512-149-0x00000000006DD000-0x00000000006ED000-memory.dmp
memory/2536-155-0x0000000000400000-0x00000000007DC000-memory.dmp
memory/2536-156-0x0000000000400000-0x00000000007DC000-memory.dmp
memory/4828-157-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\3423.exe
| MD5 | bd89233fff8b6db6404c5d1f1b6692bd |
| SHA1 | 9c93c729ba035c190a57fcfc297b7a9e5c06318a |
| SHA256 | 38f2295d9116b2ea9a4ca2c25ac762b62b1e86784961cabe2afc12a42581b7af |
| SHA512 | f8ffe86a646af461ac54ad9e463ae022fc562755685cc09fd1e689eeb8592de0460f090cb1638cc3233f08f334049398c393c4619159eda5609acdbb75291d6d |
C:\Users\Admin\AppData\Local\Temp\3423.exe
| MD5 | bd89233fff8b6db6404c5d1f1b6692bd |
| SHA1 | 9c93c729ba035c190a57fcfc297b7a9e5c06318a |
| SHA256 | 38f2295d9116b2ea9a4ca2c25ac762b62b1e86784961cabe2afc12a42581b7af |
| SHA512 | f8ffe86a646af461ac54ad9e463ae022fc562755685cc09fd1e689eeb8592de0460f090cb1638cc3233f08f334049398c393c4619159eda5609acdbb75291d6d |
memory/3492-160-0x0000000000000000-mapping.dmp
memory/400-161-0x0000000000000000-mapping.dmp
memory/2668-162-0x0000000000000000-mapping.dmp
memory/4828-164-0x0000000000560000-0x0000000000660000-memory.dmp
memory/4828-165-0x0000000001F50000-0x0000000001F59000-memory.dmp
memory/4828-166-0x0000000000400000-0x0000000000459000-memory.dmp
memory/4924-167-0x0000000000400000-0x0000000000464000-memory.dmp
memory/3064-168-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
C:\Users\Admin\AppData\Local\Temp\37FC.dll
| MD5 | 5a00b18b04ccdec303133f1e5dafa31b |
| SHA1 | a9d0b7bed7e45cadf9099117edd0c4df3ef653e5 |
| SHA256 | f65a1440cebcd5f07b53f0c878e806cbc25cb02b29605db7506e55e493c6886a |
| SHA512 | 0f0d71ec916c5bfa14c7c88f348fdc24300edb75e60c9fd52566e371b149a954022bfada09a7dc0d440db4e7f6523f38131ba95f3b593b75e931d35f1bf00ac6 |
memory/1704-172-0x0000000000000000-mapping.dmp
memory/3824-173-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\37FC.dll
| MD5 | 5a00b18b04ccdec303133f1e5dafa31b |
| SHA1 | a9d0b7bed7e45cadf9099117edd0c4df3ef653e5 |
| SHA256 | f65a1440cebcd5f07b53f0c878e806cbc25cb02b29605db7506e55e493c6886a |
| SHA512 | 0f0d71ec916c5bfa14c7c88f348fdc24300edb75e60c9fd52566e371b149a954022bfada09a7dc0d440db4e7f6523f38131ba95f3b593b75e931d35f1bf00ac6 |
memory/3604-176-0x0000000000000000-mapping.dmp
memory/3604-178-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ee621404b574f32a8e3a1d386894fbfe |
| SHA1 | 24c5db80947c41178e87b5f5af98cd1c1a30e01c |
| SHA256 | a68e303ca584d44c52c0840e6f4118aa3560d1e1e41c753c6cbe1cfaeecf0a7b |
| SHA512 | 92cea56e688dfe81230f7890f4c70b076f0addc89dcc1827d64adcbf1cbee995191c96a72ec716e7782b03899da6d06744abd40a32d4f117a6b4df43269993c4 |
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
memory/3064-182-0x00000000021BB000-0x000000000224C000-memory.dmp
memory/3604-181-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3604-180-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4576-175-0x0000000000000000-mapping.dmp
memory/3064-183-0x0000000002250000-0x000000000236B000-memory.dmp
memory/4576-184-0x0000000000B70000-0x0000000000B7C000-memory.dmp
memory/3604-185-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data
| MD5 | 5f1b6473ccebfb6c4850be30e0e6303c |
| SHA1 | 2bce2854045916338423aebe4c6fa01edd82626e |
| SHA256 | fa63a7892095280c06708f009e66a99879c4bfff37338bde5dbd4fabaa8f862d |
| SHA512 | 40f74dc86a42f1b3fa906e38c28245baeb5b4816dd95b23e271d862a7fb755efc25c4762eeed93fce9296e04be7b89542d9ac94b972aa5459c3110da883aa7dd |
memory/3824-189-0x0000000000EC0000-0x0000000000F2B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
| MD5 | e9b8e16e16dfd282479234fdec0544f6 |
| SHA1 | fcb9a79ba3d06c39a0bb9e6dc99c61385642377d |
| SHA256 | ac70e899705ee1e25d10c35b3ff8988a442a642e2ffbcb104abdab965347984a |
| SHA512 | a80d6c4e66683e7af56f721f0c2e0514086cdddca90a0363af62051751b610396b30c1d20b9c2c2b4306d8b700ad74888d2bdcde340332fb95b296fe00d370a3 |
memory/3824-186-0x0000000000F30000-0x0000000000FA5000-memory.dmp
C:\Windows\system32\drivers\etc\hosts
| MD5 | 6b800a7ce8e526d4ef554af1d3c5df84 |
| SHA1 | a55b3ee214f87bd52fa8bbd9366c4b5b9f25b11f |
| SHA256 | d3834400ae484a92575e325d9e64802d07a0f2a28ff76fb1aef48dbce32b931f |
| SHA512 | cce2d77ad7e26b9b2fae11761d8d7836b160db176777f2904471f4f73e5e39036979ba9ff66aea6fd21338a3bba4a6b0ad63f025870d55e1486bb569d813d49a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 3be2af707ad05df617dd349f0aa72089 |
| SHA1 | 0bb785fdcc7f4690647c7283e79fc92fe4ffe1b8 |
| SHA256 | e5c4b75054e0643e7d64553faada1e4596d7cbe2985e01ead1fd452ba374ae07 |
| SHA512 | 4d33b3a7192104ae2b69f3627b57e84639d132d39e91104e0f218faae5e53aacdff119735af4d712aea5efd6ddc3398420a345ecad49c965f47f2e3a675ae5f5 |
\??\pipe\crashpad_4204_EWCBGHHPBTQSCXIG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | a1d5a3a2478000a8617477f0d5cd1f53 |
| SHA1 | 3404d0af805856a098c348d9bc20fe60be1d7721 |
| SHA256 | 7c966ac44a808da6b39022e3cd97f8c1ef4060b85c83f11ab291d83c3bb9974d |
| SHA512 | f2623ac1033e3045ef7239228dab01568edfc0ec4ddd9eeb53424da26b9a1ca8c744b8b557f0d2b09435839359798c5c977f12778a9ccfe5e7537c1aececd25e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e241615011a64274f9adc068d7225c9f |
| SHA1 | 6acb5249e0b7a3439994a54144dd3fbedac0f9e4 |
| SHA256 | f2dab69911fc11341edda3add360dd533af514678db5bc7e60af67364da60764 |
| SHA512 | a51a432a873e3ec1bbe7efb69be16eec90eddcd97110fa7b172ea8b6fce82ba85b0408bd1b96c34cb8dfc88ff19627e037d03d6839d80aa208edb5be240f311e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\js\ads.js
| MD5 | 4a825d485551c014dd45ff480fedef48 |
| SHA1 | 2a0867acaf0e2d251f73fbfbacab7839ab67cf95 |
| SHA256 | 8b79dbf4c747a266c9688ebe24ceb3605afa38e305c92632aa63086f64473aa5 |
| SHA512 | ac98c12b68691018dc87fd2bc3f3c528f2acdddd1b31268819da65cc52d4f07dbbdd6866dbb410c41b6d2d5459453d11c20c1b6da3d5324063674037248c77fc |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\128.png
| MD5 | 1f2092ca6379fb8aaf583d4bc260955e |
| SHA1 | 1f5c95c87fc0e794fffa81f9db5e6663eefa2cd1 |
| SHA256 | bf8b8d46317c1fda356507735093f90dff5a578f564ed482b1166088ffcb8015 |
| SHA512 | 5ee4e914801fd60a3f3840cb7836f4773c6a49cfc878b431a60d0eb7e7dc391d1efdb079fab134ed08148a94e83d1eeb483a698f6cb8d3136dadd645058b9cd7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\64.png
| MD5 | d93ff667b54492bba9b9490cf588bf49 |
| SHA1 | 9a9f6fc23ecbaacebbc3260c76bb57bab5949a63 |
| SHA256 | 55a82197ac30ec87ecbaa140ed6f007c4d4a379834370a518b77971e0107c9a0 |
| SHA512 | 923051a25d4c4567cee0af02feb4cf02bdecca3c6f344bc48994941632637c0ec47303734f5e3dc76160b2c9f2f4eae704ac48e2806ac998a4dc8707c7db59b6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\48.png
| MD5 | 059ee71acc8439f352e350aecd374ab9 |
| SHA1 | d5143bf7aad6847d46f0230f0edf6393db4c9a8c |
| SHA256 | 0047690e602eb4a017c27402ad27cfe3b2e897b6e7b298e4f022e69fa2024b50 |
| SHA512 | 91928af347a547678d15b95836b7daeb6b2fbbd4855f067be9f6b8feadafff7803aa31159c8a1bf8f7cb95733bde883315a189dae54d898d517f521ea37d5ded |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\36.png
| MD5 | 4e93455eb724d13f8cddbe4c5fd236c3 |
| SHA1 | 3e8c930686c4024e0a3e6cd813d709ce67a7208d |
| SHA256 | a3e4f86e7e85040a8e234652d834c089bdb2849937194b612ca1963c81fcc69f |
| SHA512 | 78a3c51f4db8aa273f6d0363c93c0b88d401752b18007b1a09303236b1d91e9758d8ea32a88b8ce76c6e820fe0ebca5ae1fc28c86dc98479f1ff8200c2dfeb83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dda3a2e59247fd4ee7bcbabf833055df |
| SHA1 | 8ba9753883373268376e206a2abccd36c793cd53 |
| SHA256 | af6e197b2bedd65c99f754f9b8cee388f81bd33999c6bd9a2862cd46a897a6a2 |
| SHA512 | 43f97d0c413e2a645fe27df2268d73d5ee46564dac9f6e453f6517f3a7a51945fea059b5b8216a03ff024a709cdfa60ce95a6223df2555e82de8df6f8f1836de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\128.png
| MD5 | 1f2092ca6379fb8aaf583d4bc260955e |
| SHA1 | 1f5c95c87fc0e794fffa81f9db5e6663eefa2cd1 |
| SHA256 | bf8b8d46317c1fda356507735093f90dff5a578f564ed482b1166088ffcb8015 |
| SHA512 | 5ee4e914801fd60a3f3840cb7836f4773c6a49cfc878b431a60d0eb7e7dc391d1efdb079fab134ed08148a94e83d1eeb483a698f6cb8d3136dadd645058b9cd7 |
memory/3480-215-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\js\ads.js
| MD5 | 4a825d485551c014dd45ff480fedef48 |
| SHA1 | 2a0867acaf0e2d251f73fbfbacab7839ab67cf95 |
| SHA256 | 8b79dbf4c747a266c9688ebe24ceb3605afa38e305c92632aa63086f64473aa5 |
| SHA512 | ac98c12b68691018dc87fd2bc3f3c528f2acdddd1b31268819da65cc52d4f07dbbdd6866dbb410c41b6d2d5459453d11c20c1b6da3d5324063674037248c77fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\64.png
| MD5 | d93ff667b54492bba9b9490cf588bf49 |
| SHA1 | 9a9f6fc23ecbaacebbc3260c76bb57bab5949a63 |
| SHA256 | 55a82197ac30ec87ecbaa140ed6f007c4d4a379834370a518b77971e0107c9a0 |
| SHA512 | 923051a25d4c4567cee0af02feb4cf02bdecca3c6f344bc48994941632637c0ec47303734f5e3dc76160b2c9f2f4eae704ac48e2806ac998a4dc8707c7db59b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\48.png
| MD5 | 059ee71acc8439f352e350aecd374ab9 |
| SHA1 | d5143bf7aad6847d46f0230f0edf6393db4c9a8c |
| SHA256 | 0047690e602eb4a017c27402ad27cfe3b2e897b6e7b298e4f022e69fa2024b50 |
| SHA512 | 91928af347a547678d15b95836b7daeb6b2fbbd4855f067be9f6b8feadafff7803aa31159c8a1bf8f7cb95733bde883315a189dae54d898d517f521ea37d5ded |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\36.png
| MD5 | 4e93455eb724d13f8cddbe4c5fd236c3 |
| SHA1 | 3e8c930686c4024e0a3e6cd813d709ce67a7208d |
| SHA256 | a3e4f86e7e85040a8e234652d834c089bdb2849937194b612ca1963c81fcc69f |
| SHA512 | 78a3c51f4db8aa273f6d0363c93c0b88d401752b18007b1a09303236b1d91e9758d8ea32a88b8ce76c6e820fe0ebca5ae1fc28c86dc98479f1ff8200c2dfeb83 |
memory/4180-216-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\32.png
| MD5 | a11da999ffc6d60d18430e21be60a921 |
| SHA1 | f98adfc8f6c526f2d3d9bd7b8726a7ea851ec1e5 |
| SHA256 | 1e8162fa7f3109b450c66d3c7a4a8ba205f1516d23a5b610ab396ec0931b6dc6 |
| SHA512 | 8aa2078ff8e68edd30ba46a4cae1a87df2a92e9623c848f0bcd816791f6243faa98164ec849c544130f22b8cb1fa1bd9e5bece8367fde1fd22fe8b1da09ce401 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\24.png
| MD5 | 52b03cd5ab1715c9478925d24e470989 |
| SHA1 | 675804f5552867b9015b6cdb2328a88b3596a00c |
| SHA256 | afb7462a5952697a10eda8f653fb57287def531ba851678323dfa838a0291ccb |
| SHA512 | 00dc3c4ae1939f16e506bf414d369c755e5043edbaf9181e9c05f48d1cc55c5f05f67c9cab2ab82a2845fdeba977d47c263bdd23762ba3cfcea43d8bb1b3fdd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\16.png
| MD5 | c2e121bfc2b42d77c4632f0e43968ac2 |
| SHA1 | 0f1d5bc95df1b6b333055871f25172ee66ceb21d |
| SHA256 | 7d0d655cccfc117307faf463404da2931c2f5deae5ce80e638e042beccfa7b1e |
| SHA512 | baa00af5fe6de9a3de61f85f4e27dec9c5c9a12052fb1d110f2dc5c1a4e39d275547a6d0368a93f6c0c88945dca3777b550408942f7c498ba556170b1e7a243c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\manifest.json
| MD5 | 23bb601e1a3c4a5a19830739f33b6f7b |
| SHA1 | 3558f1194cf2562f66245d7d5f562e7331da8afd |
| SHA256 | 04bbd2c615f81fd4f57663259f6373224033b23c623bc1265afcd8ceb548f1bb |
| SHA512 | 71cb66058b9cd2feb98b01d78554422fbbad148fc2e9450a6fcdf25af6a8bed4a3c0d71df6293e1da22af4f24e31bc95fa1f54836e2f7798c56bd03d144b1dba |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\32.png
| MD5 | a11da999ffc6d60d18430e21be60a921 |
| SHA1 | f98adfc8f6c526f2d3d9bd7b8726a7ea851ec1e5 |
| SHA256 | 1e8162fa7f3109b450c66d3c7a4a8ba205f1516d23a5b610ab396ec0931b6dc6 |
| SHA512 | 8aa2078ff8e68edd30ba46a4cae1a87df2a92e9623c848f0bcd816791f6243faa98164ec849c544130f22b8cb1fa1bd9e5bece8367fde1fd22fe8b1da09ce401 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\24.png
| MD5 | 52b03cd5ab1715c9478925d24e470989 |
| SHA1 | 675804f5552867b9015b6cdb2328a88b3596a00c |
| SHA256 | afb7462a5952697a10eda8f653fb57287def531ba851678323dfa838a0291ccb |
| SHA512 | 00dc3c4ae1939f16e506bf414d369c755e5043edbaf9181e9c05f48d1cc55c5f05f67c9cab2ab82a2845fdeba977d47c263bdd23762ba3cfcea43d8bb1b3fdd3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\ico\16.png
| MD5 | c2e121bfc2b42d77c4632f0e43968ac2 |
| SHA1 | 0f1d5bc95df1b6b333055871f25172ee66ceb21d |
| SHA256 | 7d0d655cccfc117307faf463404da2931c2f5deae5ce80e638e042beccfa7b1e |
| SHA512 | baa00af5fe6de9a3de61f85f4e27dec9c5c9a12052fb1d110f2dc5c1a4e39d275547a6d0368a93f6c0c88945dca3777b550408942f7c498ba556170b1e7a243c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdklkehakandkgnhnjnbpnnngiohpchj\0.0.0_0\manifest.json
| MD5 | 23bb601e1a3c4a5a19830739f33b6f7b |
| SHA1 | 3558f1194cf2562f66245d7d5f562e7331da8afd |
| SHA256 | 04bbd2c615f81fd4f57663259f6373224033b23c623bc1265afcd8ceb548f1bb |
| SHA512 | 71cb66058b9cd2feb98b01d78554422fbbad148fc2e9450a6fcdf25af6a8bed4a3c0d71df6293e1da22af4f24e31bc95fa1f54836e2f7798c56bd03d144b1dba |
memory/4192-218-0x0000000000000000-mapping.dmp
memory/3824-220-0x0000000000EC0000-0x0000000000F2B000-memory.dmp
\??\pipe\LOCAL\crashpad_3492_NXBDVZCRXWTQOWII
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1740-225-0x0000000000000000-mapping.dmp
memory/2536-226-0x0000000000400000-0x00000000007DC000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | acc461ab46aff9ac3668cdbcf1b4a7af |
| SHA1 | 3731190b07b06dac738f4b9d6ce85fe7a71d3ae9 |
| SHA256 | b4e275a0caf944a407152bc7e92b8a42babc8f7ba44577ea55fc310faff5b96c |
| SHA512 | 5ee890d044f223eb773f62f915c578730a9e6d9e17d5658cda43bad92d3c258a9af781e208277e051f57de46c4a8d59dafa0ba2e38b7e2bdd0bbbad9386b2395 |
memory/1388-222-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | 831338af079aafa56f28344073546efb |
| SHA1 | 905eb9b310e58ec1bd4477ad806254736bef48f9 |
| SHA256 | fe03ad2aaa2378c6a5d83adb3af08b42b34b122f70279848646722c561ad627a |
| SHA512 | 19a1726f250e0435d035c7689996b4e8756f7cecc2ef07e8ce9e248cda24696354a4549143a94b43cfc14bf3afa18796ab1c9f0f28ec3d13a431c6c07b1f263f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | e5e3377341056643b0494b6842c0b544 |
| SHA1 | d53fd8e256ec9d5cef8ef5387872e544a2df9108 |
| SHA256 | e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25 |
| SHA512 | 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef |
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
| MD5 | 7e171adc50d259e172d137f1e612843c |
| SHA1 | bbd5ee9adc70c6ba7505adc3716bdd0067ddee7e |
| SHA256 | 46e69d09e76bb54aa08ec4106afbb511e9f4dafda6302545032c3e8a65f82536 |
| SHA512 | ad471f278ad4431ea489c2e36b4fef85fb6621f25adc8e37237cf229b0ba96e930811302e5c745cf09d5e11a09c2f6ba6f1bf84ea65683a12f4461e4b2b1f05e |
memory/4168-233-0x0000000000000000-mapping.dmp
memory/3972-232-0x0000000000000000-mapping.dmp
memory/5056-235-0x0000000000000000-mapping.dmp
memory/4424-237-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\672ef38f-4003-4f93-8428-352e37773754\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
memory/1704-239-0x0000000002BB0000-0x0000000002C7A000-memory.dmp
memory/1704-240-0x0000000002830000-0x000000000296F000-memory.dmp
memory/1704-241-0x0000000002A90000-0x0000000002BA4000-memory.dmp
memory/1704-242-0x0000000002C80000-0x0000000002D36000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
memory/3664-245-0x0000000000000000-mapping.dmp
memory/3604-247-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1456-248-0x0000000000000000-mapping.dmp
C:\Users\Admin\AppData\Local\Temp\3A3F.exe
| MD5 | 83c1e4e675d6c19eb31b92bbe0471341 |
| SHA1 | f027cf43958250cbb33012270e72b421bbc4db37 |
| SHA256 | 61fdfa8cd554673184f7b115259529ba929d8a3f28c25c7cf6f18043ab9875e3 |
| SHA512 | 0b6e10af2019e60355341e5b00a27f679b37935d27d343edc9f7c5910261feb7be79b4adb15745e9e4ee5a9c99e28f77b421fa3886d1afcf095717368f6e5900 |
memory/3664-252-0x000000000215A000-0x00000000021EB000-memory.dmp
memory/1456-253-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1456-251-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | 916c512d221c683beeea9d5cb311b0b0 |
| SHA1 | bf0db4b1c4566275b629efb095b6ff8857b5748e |
| SHA256 | 64a36c1637d0a111152002a2c0385b0df9dd81b616b3f2073fbbe3f2975aa4d8 |
| SHA512 | af32cffea722438e9b17b08062dc2e209edc5417418964ead0b392bd502e1a647a8456b2ee2ea59faf69f93d0c6ea6f15949b6c30924db7da65b91cb18e8dc6c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
| MD5 | b0d6728d60e99ec2064e921233922ea1 |
| SHA1 | c95fb7dc8021069f37bb96ec8b70eeae5b64b90b |
| SHA256 | b173c26ad32314faf4894541ca6e05ba3156e8f5964762698f458f674129a933 |
| SHA512 | fde0ce831daf47258fe179cc1bc01a90724a476e3fc7063345e14428b6f14428dcd9e5c0c0036f3b199c15dcf79e9baa9a8f4402289a77ac8022b10bb6572a84 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D
| MD5 | a96b163a47126d5f26cf0bce478d03ed |
| SHA1 | 8105865fc8a07bdff82555bcb6c3f6f02fad580c |
| SHA256 | d1d94eee8598251a20054965fded42416a262ea7258ba5975b9acd5c1e09446e |
| SHA512 | 62bc345035e6c184c759ccff56d30c493def95e65d2ae3b48f351011655814d5635a718f424904070e6bbbd768af5ad2564d769baaec98179c9f435906f4767d |
memory/4960-258-0x0000000000000000-mapping.dmp
memory/1456-259-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1084-260-0x0000000000000000-mapping.dmp
memory/2304-261-0x0000000000000000-mapping.dmp
memory/2304-263-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2304-265-0x0000000000400000-0x000000000045F000-memory.dmp
memory/1084-264-0x00000000006CD000-0x00000000006FA000-memory.dmp
memory/1084-266-0x00000000005D0000-0x000000000061B000-memory.dmp
memory/2304-262-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2304-267-0x0000000000400000-0x000000000045F000-memory.dmp
memory/2452-268-0x0000000000000000-mapping.dmp
memory/1636-269-0x0000000000000000-mapping.dmp
memory/5192-270-0x0000000000000000-mapping.dmp
memory/5240-271-0x0000000000000000-mapping.dmp
memory/2304-272-0x0000000061E00000-0x0000000061EF3000-memory.dmp
memory/5572-290-0x0000000000000000-mapping.dmp
memory/5692-291-0x0000000000000000-mapping.dmp
memory/1456-292-0x0000000000400000-0x0000000000537000-memory.dmp
memory/5816-293-0x0000000000000000-mapping.dmp
memory/2304-294-0x0000000000400000-0x000000000045F000-memory.dmp
memory/5904-295-0x0000000000000000-mapping.dmp
memory/5300-296-0x0000000000000000-mapping.dmp
memory/5300-297-0x0000000002539000-0x00000000028BE000-memory.dmp
memory/5300-298-0x00000000028C0000-0x0000000002DA5000-memory.dmp
memory/5300-299-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/5300-300-0x00000000028C0000-0x0000000002DA5000-memory.dmp
memory/5300-301-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/4076-302-0x0000000000000000-mapping.dmp
memory/4076-303-0x0000000002D00000-0x0000000003157000-memory.dmp
memory/4076-304-0x0000000002D00000-0x0000000003157000-memory.dmp
memory/5300-305-0x0000000000400000-0x00000000008F2000-memory.dmp
memory/4076-306-0x0000000002D00000-0x0000000003157000-memory.dmp
memory/5428-308-0x0000000000000000-mapping.dmp
memory/4076-309-0x0000000003EE0000-0x0000000004A2D000-memory.dmp
memory/4076-310-0x0000000003EE0000-0x0000000004A2D000-memory.dmp
memory/4076-311-0x0000000003EE0000-0x0000000004A2D000-memory.dmp
memory/4076-312-0x0000000004AF0000-0x0000000004C30000-memory.dmp
memory/4076-313-0x0000000004AF0000-0x0000000004C30000-memory.dmp