Resubmissions
23-01-2023 10:28
230123-mht1waee7v 623-01-2023 10:16
230123-ma61gaee5w 1023-01-2023 10:13
230123-l86xpach26 623-01-2023 10:09
230123-l626qacg98 622-01-2023 21:32
230122-1dp31sbg5s 1022-01-2023 20:58
230122-zsbcqshg42 1020-01-2023 15:06
230120-sg8qjaaf5y 320-01-2023 14:13
230120-rjfxvsbb37 3Analysis
-
max time kernel
745s -
max time network
748s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
22-01-2023 21:32
General
-
Target
Paid_Offer_228_Jan-19.pdf
-
Size
150KB
-
MD5
40d02739328a2b96cbbaec90a58137a0
-
SHA1
9fbb76197b155edd7197095c78f49e58d0268de2
-
SHA256
111871764f74f2de6f58ec30cb84682b68bab22b59f91660c81f06ab4cb306b6
-
SHA512
fc695cfc902dc2ec5585a7c1592d979c88f2dae40562898762511332d175d4372301f6b52d87bdf918dba1732e534b7836ddd8aa5749dc2d06b630ba176f5355
-
SSDEEP
1536:rVTYjPXB7x4IzZwP236NntGB/HcDTIaxeMCcWXz+dqaxA1oPn6b9SBVxqntRZkBz:xkjfVl8Ntu/ATsMaDUysdivS1Ua9OS
Score
10/10
Malware Config
Extracted
Family
icedid
Campaign
3108046779
C2
klayerziluska.com
Signatures
-
IcedID, BokBot
IcedID is a banking trojan capable of stealing credentials.
-
Executes dropped EXE 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 5 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Detected potential entity reuse from brand microsoft.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Modifies Internet Explorer settings 1 TTPs 5 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 54 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 34 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Paid_Offer_228_Jan-19.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2C246CEF4A6C0829CF0E78E380104625 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=57229E5893B063B859ADCB414CD4338C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=57229E5893B063B859ADCB414CD4338C --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=26B8525DA3BEE379E7F08847AB4DA7ED --mojo-platform-channel-handle=2188 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EACF8B828E248915850365085F69ADB --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7619FC0EE73D567D60EDEDBB6BD9A940 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7581F5350B6BD3B51F05F48E9961E9BA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7581F5350B6BD3B51F05F48E9961E9BA --renderer-client-id=7 --mojo-platform-channel-handle=2192 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://firebasestorage.googleapis.com/v0/b/profound-veld-372422.appspot.com/o/6ncxCfGfXG%2FPaid_Offer_83_Jan_19.zip?alt=media&token=df54093b-4acf-45a1-8c62-d1100bc5a46f2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8704746f8,0x7ff870474708,0x7ff8704747183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2776 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5296 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5340 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff726375460,0x7ff726375470,0x7ff7263754804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6100 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12768627079764130228,12954377681308538509,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\TCPView\" -spe -an -ai#7zMap3316:76:7zEvent89281⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Paid_Offer_83_Jan_19 (1)\" -spe -an -ai#7zMap16532:110:7zEvent245931⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\Downloads\TCPView\tcpview64.exe"C:\Users\Admin\Downloads\TCPView\tcpview64.exe"1⤵
- Executes dropped EXE
- Checks computer location settings
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" /select,"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"2⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8719c4f50,0x7ff8719c4f60,0x7ff8719c4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1652 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2020 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4576 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4692 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4488 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1608,8975386752630336187,18437041215425638691,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3976 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c ragpewleaK\lawfinledr.cmd A B C D I F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 91⤵
- Enumerates connected drives
-
C:\Windows\system32\xcopy.exexcopy /s /i /e /h ragpewleaK\overprogramming.dat C:\Users\Admin\AppData\Local\Temp\*2⤵
-
C:\Windows\system32\rundll32.exerundll32 C:\Users\Admin\AppData\Local\Temp\overprogramming.dat,init2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c ragpewleaK\lawfinledr.cmd A B C D I F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 91⤵
- Enumerates connected drives
-
C:\Windows\system32\xcopy.exexcopy /s /i /e /h ragpewleaK\overprogramming.dat C:\Users\Admin\AppData\Local\Temp\*2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c ragpewleaK\lawfinledr.cmd A B C D I F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 91⤵
- Enumerates connected drives
-
C:\Windows\system32\xcopy.exexcopy /s /i /e /h ragpewleaK\overprogramming.dat C:\Users\Admin\AppData\Local\Temp\*2⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""E:\ragpewleaK\lawfinledr.cmd" "1⤵
- Enumerates connected drives
-
C:\Windows\system32\xcopy.exexcopy /s /i /e /h ragpewleaK\overprogramming.dat C:\Users\Admin\AppData\Local\Temp\*2⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "E:\ragpewleaK\lawfinledr.cmd"1⤵
- Enumerates connected drives
-
C:\Windows\system32\xcopy.exexcopy /s /i /e /h ragpewleaK\overprogramming.dat C:\Users\Admin\AppData\Local\Temp\*2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8704746f8,0x7ff870474708,0x7ff8704747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6992 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6476 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4224 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1940 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6100 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4280 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4348 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,2195813104527853831,13621014150021189601,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\notepad.exe"C:\Windows\system32\notepad.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04Filesize
471B
MD583ece8c908ffaaf222da6d30885c1472
SHA1e69e6aa6fe0b3c59d3b0084162b361281379b9a4
SHA2563c4002538df03eebc347c65f95564f5b382b985d72b07822d5e878990d0243ad
SHA512ad7e222b1f0a8f5583b56e7122303aa1f3777d6bce5244515f08284c5f1b68c8b1bf29e0967752503b1d1a1755461d08e4ab2dcdd4a1dcdcf5d9bde97eb7ce68
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04Filesize
430B
MD53849484f0a3387d255afdb6fb279fe5c
SHA110eaa62f734aafbb6d41bf4ed6b5423c1edb23c6
SHA2564c257aaa57f93a82fb4acf00a24ad3b86defbcf619b9a2b228f89a5a8911537a
SHA51247c11e1e3291b65bb7ef813d2058605071c7f3ff8681c6b49571897daa91335aa80f691bf9d482696474127d2750962b1ba863490d48f5f056fcc2e6c6431e03
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56975358bf66f5ffb6575376f7b32e94f
SHA1779f399debac473aa3f9b09bfd59998559e41b8e
SHA2562a90fe21f67888772cc7e145fb804b9e7d25e7b34d161c7ab673addfe2c49577
SHA512b2d2e2e2fe55f095082ce75e510e2df26e532f67fd9ffe34d3710c382192ef4c463c2026e1e9679adb9879640feb918a62a6497b6f0027ad0efc7cf3e7e89c94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD58ccb055f46f74f70059c1325b19f538c
SHA1bbb9562fb2b1cb94cd97b17f443340bc708dec58
SHA256a677911a70b8444ec66dbab23d24402832c9eb36101e2a4827dff32dc3a8e723
SHA5127fa6b2af18516e1341e13736a7df47dea75acf1639eeea6586e9933fcb19d112546f737717dcbf4f94c83afebc911fba003058afbbb22cc7ff3a36f729535b93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD57a8e5a90e2e32e900978f53ded6e69e0
SHA114f27aea41f86144631b9bd0998f8c8803f75e3c
SHA256573ece09e62900f66377e89302742b06fc2677f4f374c822bb2582df7be3a850
SHA512d57bc68ae6989d794fb66a5d463a3ad1321a98f2362bc141975652d3401f2c545f1d49cefea0b94d85e2d16928bbb24b4a91e1e36c895e568a57157fb37f05d1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5a8d85fad6158005174d0c589b415eac7
SHA1cc04db9a2a9371bf52ba605fba44541705f8c58f
SHA256f8df6d3e0e2fce4f7f2bb64549c56450b30b0d55757584165dc059c0342c63b6
SHA512f425e5518e3e20cee4a179690e1d45ecd41f4f6fb5c4b13f0d70ec4584269f12aec984b5ff4f421f8c1bc54eb7a87feec3a6a0d34d8aa05bdf9e5308948591ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettingsFilesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1Filesize
126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD5614c681a85a6a8fb8873fdf4274b5e15
SHA14baa33ad3e092978172fbdb8de49285b4c35ad5d
SHA256c74da0939fb336404660c29e0d09551b4177b8ec9d0c42a53b5ad1eae830729f
SHA5126abbbabd50d19490c6aa4fde1aef77cbe16e2bde201133b7e349fb50ad2c358c4ad757c0a57d686e679c8a522f95ece3097e47aff2191b3df89259817088107b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638100184334095941Filesize
163B
MD58e569a364a836a339fbef0e063fa08bd
SHA11e362d0fa226da36fe3fc1added8709370922599
SHA256cf25766a48e2bd762722ea591281a23104c7bf5f33d9b95b67423b4be40a1b43
SHA512363f36075c2fa25d6294e73cc3a49fba96a75ed33fb1745e9a035d99d0d4b7d0773f19fcb1c5311ae646f489bff552d93ed60ece62ffa08250721b94317f2118
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTrafficFilesize
29B
MD552e2839549e67ce774547c9f07740500
SHA1b172e16d7756483df0ca0a8d4f7640dd5d557201
SHA256f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32
SHA512d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982Filesize
450KB
MD5e9c502db957cdb977e7f5745b34c32e6
SHA1dbd72b0d3f46fa35a9fe2527c25271aec08e3933
SHA2565a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4
SHA512b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca
-
C:\Users\Admin\AppData\Local\Temp\overprogramming.datFilesize
1002KB
MD5d0515acd0a80ad5273ad189e72aca86f
SHA1494b7f00ee4e2a47c3b6e25f7fc603ea9f3ae1d5
SHA256265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844
SHA5122da2dc75b9aca01e0133ad119e194ba52b4f929289b8f23c13da9ef2c9e8c00f5a245b177a22207e168dd7039279357abd7bc13757e982f1088643720749d0aa
-
C:\Users\Admin\AppData\Local\Temp\overprogramming.datFilesize
1002KB
MD5d0515acd0a80ad5273ad189e72aca86f
SHA1494b7f00ee4e2a47c3b6e25f7fc603ea9f3ae1d5
SHA256265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844
SHA5122da2dc75b9aca01e0133ad119e194ba52b4f929289b8f23c13da9ef2c9e8c00f5a245b177a22207e168dd7039279357abd7bc13757e982f1088643720749d0aa
-
C:\Users\Admin\Desktop\Microsoft Edge.lnkFilesize
2KB
MD540d30725829742496323b25b458e6845
SHA162a7aac9df65950366ba3310e3e9795ceb47506b
SHA2560108d749c3e3ba848ca2958e8f427a7e99dd20efe5af531622e689c78c4d24ac
SHA512f8d6526edb32444dcdcc41b0ad62f91a325e42d71d6c822c638e99fb7623a6291c0985f8ab453e02db5cda9ae31888766a47ef8b89c0e3ff37fbcccfd9c6e7f2
-
C:\Users\Admin\Downloads\Paid_Offer_83_Jan_19 (1).zipFilesize
485KB
MD5b0116889f3552f541a26d8b54517a6b8
SHA1b1e565709d59b4fa2de37a1bfcd2c49254dab48c
SHA25634cecd5a9044d95734b6b8876695e1f4f0a98c852902af352cfdfe15dab18cc3
SHA5122f824b629b8142a1860cf62006953ffee9a5a7080c976969334352fc423f7c381e331c5787132943615cf7387ca86aa773b31ce4c2791e29528aff0f3e8654bd
-
C:\Users\Admin\Downloads\TCPView.zipFilesize
2.1MB
MD53c883a624409f03cb1f35b8a6d4e39ae
SHA194f605f83a4c08bf47d41cd74d14c2fca391cede
SHA256ad37bb52a44f8fec24368ba99577a781c69d7a8eb85d0da97b5559d93a3f0c87
SHA51258d546b954bffe0c11a258f38b5e7b014a313e7e8df93eafd10edffa01aa50b329c3a52a86070fe16bb8c6412822196774009e6a092e0c302d2461d544a96cf5
-
C:\Users\Admin\Downloads\TCPView\tcpview64.exeFilesize
1.7MB
MD506022baeddac003989d75eee785e59d5
SHA1e85dc6f20f1148b7ac9b9b8fb5297493f0338ad4
SHA256912446bc6d54d26a08fc5623cba7290673301a1eddf04c0a25ba48886c191143
SHA5124b15655df3c89d7e974902595ade9cad91f8c2e201bea2b9e5d109b0be2e6dff659eec102f03fee366e0d64ed2ed906ca8eec10fb37cfd0efb9b7a5c05e385d7
-
\??\pipe\LOCAL\crashpad_1192_EHEHRFAIOSGILIAOMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\crashpad_6052_PPHXCZINDDIWWNXWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/116-142-0x0000000000000000-mapping.dmp
-
memory/228-764-0x0000000000000000-mapping.dmp
-
memory/424-202-0x0000000000000000-mapping.dmp
-
memory/684-159-0x0000000000000000-mapping.dmp
-
memory/836-158-0x0000000000000000-mapping.dmp
-
memory/900-175-0x0000000000000000-mapping.dmp
-
memory/968-168-0x0000000000000000-mapping.dmp
-
memory/1136-735-0x0000000000000000-mapping.dmp
-
memory/1172-162-0x0000000000000000-mapping.dmp
-
memory/1176-767-0x0000000000000000-mapping.dmp
-
memory/1192-155-0x0000000000000000-mapping.dmp
-
memory/1824-201-0x0000000000000000-mapping.dmp
-
memory/2096-148-0x0000000000000000-mapping.dmp
-
memory/2304-769-0x0000000000000000-mapping.dmp
-
memory/2476-134-0x0000000000000000-mapping.dmp
-
memory/2988-741-0x0000000000000000-mapping.dmp
-
memory/3028-137-0x0000000000000000-mapping.dmp
-
memory/3296-773-0x0000000000000000-mapping.dmp
-
memory/3432-694-0x0000000000000000-mapping.dmp
-
memory/3456-771-0x0000000000000000-mapping.dmp
-
memory/3464-145-0x0000000000000000-mapping.dmp
-
memory/3564-164-0x0000000000000000-mapping.dmp
-
memory/3592-752-0x0000000000000000-mapping.dmp
-
memory/3648-737-0x0000000000000000-mapping.dmp
-
memory/3712-749-0x0000000000000000-mapping.dmp
-
memory/3816-166-0x0000000000000000-mapping.dmp
-
memory/3876-756-0x0000000000000000-mapping.dmp
-
memory/3968-151-0x0000000000000000-mapping.dmp
-
memory/4008-132-0x0000000000000000-mapping.dmp
-
memory/4012-722-0x0000000000000000-mapping.dmp
-
memory/4032-172-0x0000000000000000-mapping.dmp
-
memory/4316-199-0x0000000000000000-mapping.dmp
-
memory/4316-739-0x0000000000000000-mapping.dmp
-
memory/4340-174-0x0000000000000000-mapping.dmp
-
memory/4496-758-0x0000000000000000-mapping.dmp
-
memory/4540-156-0x0000000000000000-mapping.dmp
-
memory/4608-221-0x0000000000000000-mapping.dmp
-
memory/4628-170-0x0000000000000000-mapping.dmp
-
memory/4640-191-0x0000000000000000-mapping.dmp
-
memory/4644-775-0x0000000000000000-mapping.dmp
-
memory/4700-762-0x0000000000000000-mapping.dmp
-
memory/4808-760-0x0000000000000000-mapping.dmp
-
memory/5004-747-0x0000000000000000-mapping.dmp
-
memory/5104-695-0x0000000000000000-mapping.dmp
-
memory/5116-765-0x0000000000000000-mapping.dmp
-
memory/5248-193-0x0000000000000000-mapping.dmp
-
memory/5300-721-0x0000000000000000-mapping.dmp
-
memory/5340-225-0x000001B7CEB50000-0x000001B7CEB59000-memory.dmpFilesize
36KB
-
memory/5340-222-0x0000000000000000-mapping.dmp
-
memory/5412-720-0x0000000000000000-mapping.dmp
-
memory/5440-183-0x0000000000000000-mapping.dmp
-
memory/5480-754-0x0000000000000000-mapping.dmp
-
memory/5520-743-0x0000000000000000-mapping.dmp
-
memory/5536-751-0x0000000000000000-mapping.dmp
-
memory/5560-176-0x0000000000000000-mapping.dmp
-
memory/5596-185-0x0000000000000000-mapping.dmp
-
memory/5612-245-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-236-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-266-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-268-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-267-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-274-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-273-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-498-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-496-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-500-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-263-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-652-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-693-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-264-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-257-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-258-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-256-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-255-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-254-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-253-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-252-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-251-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-241-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-243-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-246-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-244-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-242-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-265-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-235-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-234-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-233-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-231-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-232-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-219-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-218-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-212-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-213-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-211-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-210-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-209-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-208-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-207-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-206-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5612-784-0x00007FF84C360000-0x00007FF84C370000-memory.dmpFilesize
64KB
-
memory/5644-177-0x0000000000000000-mapping.dmp
-
memory/5656-187-0x0000000000000000-mapping.dmp
-
memory/5712-745-0x0000000000000000-mapping.dmp
-
memory/5892-178-0x0000000000000000-mapping.dmp
-
memory/5964-723-0x0000000000000000-mapping.dmp
-
memory/5992-195-0x0000000000000000-mapping.dmp
-
memory/6040-197-0x0000000000000000-mapping.dmp
-
memory/6072-180-0x0000000000000000-mapping.dmp
-
memory/6088-181-0x0000000000000000-mapping.dmp