Analysis
-
max time kernel
1334s -
max time network
1338s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system -
submitted
12-02-2023 14:30
Static task
static1
Behavioral task
behavioral1
Sample
106025.jpg
Resource
win10-20220812-en
General
-
Target
106025.jpg
-
Size
666KB
-
MD5
da10df0155f67a8b0a2a2569b6441339
-
SHA1
c00930f9218a7f97ccd9ca5a975732218aebb09c
-
SHA256
3dcb2fd3d856cf65923e5452a603d1d097c27dda5502209579a0c6a052bb0147
-
SHA512
2a09f67d11817b1dd2e17f3aea7e4897e83b424b0617b95e22b0dff78976fe3efb38b82473ea3946295bf0bc065a168a69537075e8495e0f530dbd868a910dc1
-
SSDEEP
12288:X0Q6/xoVlj0Rvi6+dNSBSVCCjN+CogiXwQqHOTlebI42dhJgoX5Q6FzwN:EQ6OVlj0xt++Co5r8Qlebzigou6FzwN
Malware Config
Extracted
C:\Program Files\WinRAR\Rar.txt
Extracted
C:\Program Files\WinRAR\WhatsNew.txt
https
http
http://weirdsgn.com
http://icondesignlab.com
https://rarlab.com/themes/WinRAR_Classic_48x36.theme.rar
Extracted
vidar
2.4
408
-
profile_id
408
Signatures
-
Modifies system executable filetype association 2 TTPs 8 IoCs
Processes:
uninstall.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA} uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe -
Downloads MZ/PE file
-
Executes dropped EXE 10 IoCs
Processes:
winrar-x64-620.exeuninstall.exeWinRAR.exeSetup.exeSetup.exe78342900098007232947.exeSetup.exeWinRAR.exe13554537246848636112.exe12692932130341423522.exepid process 1116 winrar-x64-620.exe 2224 uninstall.exe 3856 WinRAR.exe 2308 Setup.exe 3728 Setup.exe 284 78342900098007232947.exe 4684 Setup.exe 3928 WinRAR.exe 3588 13554537246848636112.exe 1372 12692932130341423522.exe -
Loads dropped DLL 8 IoCs
Processes:
AppLaunch.exeAppLaunch.exeAppLaunch.exepid process 2068 2068 4368 AppLaunch.exe 4368 AppLaunch.exe 296 AppLaunch.exe 296 AppLaunch.exe 3272 AppLaunch.exe 3272 AppLaunch.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 3 IoCs
Processes:
uninstall.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext.dll" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" uninstall.exe -
Processes:
resource yara_rule behavioral1/memory/284-416-0x0000000000B60000-0x0000000001345000-memory.dmp upx behavioral1/memory/3588-641-0x0000000001250000-0x0000000001A35000-memory.dmp upx behavioral1/memory/1372-769-0x0000000000A40000-0x0000000001225000-memory.dmp upx behavioral1/memory/1372-771-0x0000000000A40000-0x0000000001225000-memory.dmp upx -
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 3 IoCs
Processes:
Setup.exeSetup.exeSetup.exedescription pid process target process PID 3728 set thread context of 4368 3728 Setup.exe AppLaunch.exe PID 2308 set thread context of 3272 2308 Setup.exe AppLaunch.exe PID 4684 set thread context of 296 4684 Setup.exe AppLaunch.exe -
Drops file in Program Files directory 60 IoCs
Processes:
winrar-x64-620.exeuninstall.exedescription ioc process File opened for modification C:\Program Files\WinRAR\Descript.ion winrar-x64-620.exe File created C:\Program Files\WinRAR\ReadMe.txt winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Default64.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Zip.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\zipnew.dat uninstall.exe File opened for modification C:\Program Files\WinRAR\WinRAR.chm winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExtInstaller.exe winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExtInstaller.exe winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExt.dll winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExt32.dll winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExtPackage.msix winrar-x64-620.exe File created C:\Program Files\WinRAR\Zip64.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\ReadMe.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\WhatsNew.txt winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Uninstall.exe winrar-x64-620.exe File created C:\Program Files\WinRAR\Default.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\WinCon.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExt32.dll winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Order.htm winrar-x64-620.exe File created C:\Program Files\WinRAR\7zxa.dll winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png winrar-x64-620.exe File created C:\Program Files\WinRAR\Order.htm winrar-x64-620.exe File created C:\Program Files\WinRAR\WinCon64.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Rar.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\RarFiles.lst winrar-x64-620.exe File created C:\Program Files\WinRAR\WinRAR.exe winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Zip64.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\License.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\Rar.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\Uninstall.lst winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\UnRAR.exe winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\7zxa.dll winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\WhatsNew.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\Uninstall.exe winrar-x64-620.exe File created C:\Program Files\WinRAR\rarnew.dat uninstall.exe File opened for modification C:\Program Files\WinRAR winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Resources.pri winrar-x64-620.exe File created C:\Program Files\WinRAR\Default64.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\WinCon.SFX winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarFiles.lst winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Uninstall.lst winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Rar.exe winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\WinRAR.exe winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExt.dll winrar-x64-620.exe File created C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_241320718 winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\Default.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\Zip.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\WinRAR.chm winrar-x64-620.exe File created C:\Program Files\WinRAR\License.txt winrar-x64-620.exe File created C:\Program Files\WinRAR\UnRAR.exe winrar-x64-620.exe File created C:\Program Files\WinRAR\Rar.exe winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\RarExtPackage.msix winrar-x64-620.exe File created C:\Program Files\WinRAR\Resources.pri winrar-x64-620.exe File opened for modification C:\Program Files\WinRAR\WinCon64.SFX winrar-x64-620.exe File created C:\Program Files\WinRAR\Descript.ion winrar-x64-620.exe File created C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png winrar-x64-620.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 11 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
firefox.exeAppLaunch.exeAppLaunch.exeAppLaunch.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AppLaunch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString AppLaunch.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AppLaunch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AppLaunch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString AppLaunch.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString AppLaunch.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe -
Delays execution with timeout.exe 2 IoCs
Processes:
timeout.exetimeout.exepid process 4768 timeout.exe 1184 timeout.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
Processes:
chrome.exechrome.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies registry class 64 IoCs
Processes:
uninstall.exeOpenWith.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r25 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.uu uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.uu\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r12 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r01 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r07 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r14 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r15\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r18 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.txz uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon uninstall.exe Key created \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings OpenWith.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lz uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tar uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.bz2 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.001 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rev uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r21 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.z uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zst\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open\command uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR" uninstall.exe Key created \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r08\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.zipx\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32 uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tgz uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ = "C:\\Program Files\\WinRAR\\rarext32.dll" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.zip uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.r11 uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r14\ = "WinRAR" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r27\ = "WinRAR" uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lha uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA} uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.rar uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r04\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.tlz uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.taz uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.lzh uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR uninstall.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.r17\ = "WinRAR" uninstall.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command uninstall.exe -
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 748 NOTEPAD.EXE -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeAppLaunch.exechrome.exeAppLaunch.exepid process 4240 chrome.exe 4240 chrome.exe 492 chrome.exe 492 chrome.exe 5040 chrome.exe 5040 chrome.exe 4592 chrome.exe 4592 chrome.exe 392 chrome.exe 392 chrome.exe 2224 chrome.exe 2224 chrome.exe 2224 chrome.exe 2224 chrome.exe 5060 chrome.exe 5060 chrome.exe 576 chrome.exe 576 chrome.exe 1976 chrome.exe 1976 chrome.exe 4580 chrome.exe 4580 chrome.exe 748 chrome.exe 748 chrome.exe 3968 chrome.exe 3968 chrome.exe 3968 chrome.exe 3968 chrome.exe 808 chrome.exe 808 chrome.exe 580 chrome.exe 580 chrome.exe 3340 chrome.exe 3340 chrome.exe 200 chrome.exe 200 chrome.exe 208 chrome.exe 208 chrome.exe 3212 chrome.exe 3212 chrome.exe 3600 chrome.exe 3600 chrome.exe 956 chrome.exe 956 chrome.exe 4940 chrome.exe 4940 chrome.exe 2248 chrome.exe 2248 chrome.exe 1372 chrome.exe 1372 chrome.exe 304 chrome.exe 304 chrome.exe 4808 chrome.exe 4808 chrome.exe 3896 chrome.exe 3896 chrome.exe 4504 chrome.exe 4504 chrome.exe 4368 AppLaunch.exe 4368 AppLaunch.exe 640 chrome.exe 640 chrome.exe 296 AppLaunch.exe 296 AppLaunch.exe -
Suspicious behavior: GetForegroundWindowSpam 4 IoCs
Processes:
OpenWith.exeWinRAR.exeWinRAR.exeOpenWith.exepid process 3156 OpenWith.exe 3856 WinRAR.exe 3928 WinRAR.exe 2248 OpenWith.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Processes:
chrome.exechrome.exepid process 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
firefox.exeAUDIODG.EXEdescription pid process Token: SeDebugPrivilege 2796 firefox.exe Token: SeDebugPrivilege 2796 firefox.exe Token: 33 1804 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1804 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
chrome.exefirefox.exechrome.exepid process 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 2796 firefox.exe 2796 firefox.exe 2796 firefox.exe 2796 firefox.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe -
Suspicious use of SendNotifyMessage 51 IoCs
Processes:
chrome.exefirefox.exechrome.exepid process 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 492 chrome.exe 2796 firefox.exe 2796 firefox.exe 2796 firefox.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe 576 chrome.exe -
Suspicious use of SetWindowsHookEx 46 IoCs
Processes:
firefox.exeOpenWith.exeOpenWith.exeOpenWith.exeOpenWith.exewinrar-x64-620.exeWinRAR.exeAppLaunch.exeOpenWith.exeAppLaunch.exepid process 2796 firefox.exe 4784 OpenWith.exe 3928 OpenWith.exe 500 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 3156 OpenWith.exe 1116 winrar-x64-620.exe 1116 winrar-x64-620.exe 3856 WinRAR.exe 3856 WinRAR.exe 4368 AppLaunch.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 2248 OpenWith.exe 296 AppLaunch.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
chrome.exedescription pid process target process PID 492 wrote to memory of 3784 492 chrome.exe chrome.exe PID 492 wrote to memory of 3784 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4256 492 chrome.exe chrome.exe PID 492 wrote to memory of 4240 492 chrome.exe chrome.exe PID 492 wrote to memory of 4240 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe PID 492 wrote to memory of 4276 492 chrome.exe chrome.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\106025.jpg1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd473d4f50,0x7ffd473d4f60,0x7ffd473d4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1632 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1680 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2324 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4284 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4232 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4536 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4316 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5264 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4784 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4788 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5492 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5920 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1088 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1520 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5760 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5156 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1608,3897553417022012537,5652505632974667955,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:12⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.0.71378508\1243518193" -parentBuildID 20200403170909 -prefsHandle 1528 -prefMapHandle 1520 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 1604 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.3.1961636073\1082490611" -childID 1 -isForBrowser -prefsHandle 2124 -prefMapHandle 2100 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 2208 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2796.13.1551117393\1425342740" -childID 2 -isForBrowser -prefsHandle 3288 -prefMapHandle 3284 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2796 "\\.\pipe\gecko-crash-server-pipe.2796" 3296 tab3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd473d4f50,0x7ffd473d4f60,0x7ffd473d4f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1512 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2308 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4396 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4520 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4684 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4496 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2820 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5776 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5916 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4472 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=164 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3660 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5048 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3136 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1360 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5892 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2708 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4692 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4876 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5944 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6020 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7108 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6100 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6388 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3832 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6224 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7064 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4944 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7156 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1420 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3836 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4960 /prefetch:82⤵
-
C:\Users\Admin\Downloads\winrar-x64-620.exe"C:\Users\Admin\Downloads\winrar-x64-620.exe"2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\WinRAR\uninstall.exe"C:\Program Files\WinRAR\uninstall.exe" /setup3⤵
- Modifies system executable filetype association
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6848 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\WinRAR\WinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\TikTokVievBotq2022 (2).rar"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.20732\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.20732\Setup.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"4⤵
- Loads dropped DLL
- Checks processor information in registry
-
C:\ProgramData\12692932130341423522.exe"C:\ProgramData\12692932130341423522.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\ProgramData\12692932130341423522.exe6⤵
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 07⤵
-
C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.29918\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.29918\Setup.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"4⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\78342900098007232947.exe"C:\ProgramData\78342900098007232947.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\ProgramData\78342900098007232947.exe6⤵
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 07⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & exit5⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 66⤵
- Delays execution with timeout.exe
-
C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.42750\Setup.exe"C:\Users\Admin\AppData\Local\Temp\Rar$EXb3856.42750\Setup.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"4⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\ProgramData\13554537246848636112.exe"C:\ProgramData\13554537246848636112.exe"5⤵
- Executes dropped EXE
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\ProgramData\13554537246848636112.exe6⤵
-
C:\Windows\system32\choice.exechoice /C Y /N /D Y /T 07⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" & exit5⤵
-
C:\Windows\SysWOW64\timeout.exetimeout /t 66⤵
- Delays execution with timeout.exe
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5116 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1420 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6704 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5052 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6724 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3840 /prefetch:82⤵
-
C:\Program Files\WinRAR\WinRAR.exe"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\tiktodv3-master.zip"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Rar$DIa3928.11112\requirements.txt3⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1376 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6592 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=856 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1500,18064632257973805120,436911761900798103,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3fc1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\TikTok-ViewBot-main\TikTok-ViewBot-main\zefoy\index.js"1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\TikTok-ViewBot-main\TikTok-ViewBot-main\zefoy\index.js"1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\TikTokVievBotq2022.rar2⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Rar$DIa3928.6509\README.md2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datFilesize
40B
MD5e7364f7487b8b48f2618abd6f88b1fa1
SHA14ac0becdf8cf5bf3e618f05b578068804c963b0a
SHA2565a2fa88b613ffcad22d43daf0baf84ba21e435b7fdec2f18c4e0bdc9152d4c81
SHA5121deb2da4a09f8a8bc752115d7480d7aacc086f03d5c1bb807596037e61470a7874f0d6a8ec799cdcf67dd42ec688cc4ade570f50b41aff5f5a52d6b7ecf92ea6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\FaviconsFilesize
24KB
MD5e5041997e046f14a9f3a5783a4a10583
SHA127110a2750706bb38713b69f659800dad0092066
SHA256d1793a7518a591158e5fce26ffa4197ad16e8675a0307cb0529e0491ee5a25c5
SHA512eebffb89ee34f52475c699b357fad688eb12a1cf5b967ef2e6e34f5e7f254c5c62cb5159b87e9521cd4536f4d6efa2ffb80f5cc39d6eed446f1153d6a9c3f78b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\HistoryFilesize
116KB
MD5d125806384ee733a36d905e08062481a
SHA184882bdf41af8d9dcdcdd5caa2fca3b7ea3bd9e8
SHA256010e7d086ccb02617b11ffb895ca9ef67244516e09c91a16e85ae62c4b11466e
SHA512584ce61ae6815bac434965f8527e983c98de275f9a3b6cc43e39d5263b4cfb1d309ddd36004e8a5b7253e0d41e544a778108eadbbb3d67697187523c385daef5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5c7801c8ca2cfa93c82c5046176f5ada9
SHA1bea32ad2e7f1ea232e5ab0ffe9b61f33c0e651b6
SHA2569735ee4e22d3c490eeabc73c331600b5a471ee7179657a2388543566354ac5da
SHA512587af1731c8874a6269b419984df765d93f59be7a004a2797fa9857f13cd2b539006f6fa85f795251ceb040baee9ba108d8d3bef1aa63c3c6b0b92183d9efa1f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
16KB
MD5dc47da38c3f8b33e8da44f23585e4565
SHA120f7cc946b1e8b279e74c52a91fdacd0b477bbd3
SHA256f2a0dec6d34a22b5a403ccd2e5b57a024449ab7035da4a27e51773f8491169dd
SHA51285524ce83058c68fcaa1ca35f1c5232b1786332196634a9580d739f0535ae9f3616ddcf287c402755a9d380d2d76d081f13b6e07e70eb6a5a9d1e1249390213e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13320689447717521Filesize
10KB
MD526f42cc211feea74e1eddc9bf18a1a3b
SHA11e2c011b5b6b0db51b751a7392d5bfe2fda81de5
SHA25659680a243b7789e19843dfb05c89655c466168d6e0e689dabb966efaee104716
SHA512abc8b7ba8a66a052d5b48f8918b1893517a32c47b22ef061e01da571e037cacea0163c4525c8d767b266164e8a8c9abe13e548702b28522e34cfd694c802996d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.logFilesize
316B
MD5869e8861fe353495f7c6a780d87dfe59
SHA15de5317b0950960beee944fb858da3fd5163c278
SHA256378fe0fe0dfcfa4af5ab54f626ab4637f92f4d417410ac3e6bbefc75cfbfe7a7
SHA512206097c8e2b2af1eac8d068739600e32f1f3ac0829a5c8b81aca8f0f328ecca9ca9c031b85589e8220082861e5c35d4fcb025b80532278c583f8a11b2e055de8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOGFilesize
348B
MD50a1d2f20f48bca8346b0c23e0388c272
SHA109ac8d760d33cb3a1b0f1f25158fc32f1838eec9
SHA256f5e2b1bbe4333b07bf68955a38f38cf194f7dd7654c0ea158c6f37406d0258cf
SHA51268d4fde4028ab338d36193dfff4c28292c115d75992fa08a6e3cd293aa2d678c2915a8b8520836391f86bca60a742078485c178f08d23d8029d0272be7889588
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.logFilesize
160B
MD5de92ad90be6d3364745b2f73f4c3cf73
SHA19158681463bd30e5af4dda4baac81f93cedbda77
SHA2560025a3e0d3b834401b3b5f820e1991ef7e810d9a4b8b6b579e6301c94e7031a0
SHA5129e81cefc195439439f4b23ee7696309d7bc3c08e5b444d2abde26d2f12b2d3bcfd124fb9a2d40c6389e9f787741676fad366a2e9982674e7b931028c014d8a79
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGFilesize
324B
MD569f7a6abcefc3cc1d57a1f78bbe3aafe
SHA110e33fe77517b12b6b5c7ec3f762f47f5abe08a1
SHA25654b7dc761661b1b0b72c2e50acf910942fbef3f6bb14865292f0a7f8992b8515
SHA512156cad0634e83c89888395d77c5b6148587675fcf00da1284562575bee71b11cfc7e72bc0cb416de58600452b815b2c416960d4bbb6c78d45d1dbf9f5da67bad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited LinksFilesize
128KB
MD5bf1954a86ccd1a77fc9e027b5874f1a3
SHA1e5be4e7ad34176801c758076ef74569c6150914b
SHA2563e0e9870884bf2292d30e9dc1bcb5ea145b3059d814cd4758b2251cb24a48a8e
SHA5126ae12b45b503fd020c438e86a68f63f248f21b96b19adca12834ee6a8144917b694073f04d593b2eaf670227cd4d58ec23fdca5c623872cb06135fcae61378d0
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last VersionFilesize
13B
MD5b63048c4e7e52c52053d25da30d9c5ab
SHA1679a44d402f5ec24605719e06459f5a707989187
SHA256389caa40ea458e84bc624a9af1e0dec60fa652b2db2b81c09b1dfe22822cc3d1
SHA512e86c58c5a25e24f21ad79ed526a90c120a09c115f4820663bd2ebbc59e7bb1c4c418267eb77645522aa20b2c1b53fba8e31690db7bae9b21e4eff3db06316359
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
115KB
MD5dd6fdb332b10d5fa13a65dd3bcacfdea
SHA1b8cef85dae2543a9cd16d0dce6af37088301bf2f
SHA256f2cf4a89666a13494a2832dd8bf60daf56799765389119c33866a57e28394988
SHA512d42e22007aea98461486594527325c971f1baba9151bbbd1d15f2fab2893d7f2ccb190b5e0ba271273fc7d8d72394c0e4e992492be564c82f971eee5363b7288
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD59d8a7a1dfc45a32fededadde22597fba
SHA197675e6b9f7e6f2ead48e7db267557e4d2fd62bf
SHA256bbbb263e46e740de7619f14257cb90f214ddd9699be4172404d7e5b39ed3f802
SHA5121ae22866c864e945137fe842eed8f5c44dc0ce02b94321cc51fd85965421354ecf3a98371f252095dc3124b60a66339f98e70150a1babfb1afc3c10a3ac90220
-
\??\pipe\chrome.2796.10.55189975Filesize
304B
MD5fe430e8eb2864f25347b3a348e49e6af
SHA135f17770f3c1fa13052cae1fcc0ba81bfb427fb0
SHA256f05e2cd4d31a5cbd41fb36c1adfd09eab74165300869bcfe07dd0a41b902475b
SHA51272fa8ad649c70cb3b11ad4491d4786a0dbe4fa67506b265036d2a689ae170804f92d7b69af8b4a71509bdd1808c9554aa00c22e3597070be1bcf8da35e8bbd96
-
\??\pipe\crashpad_492_CFZBRUGCVOYZINUDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/284-416-0x0000000000B60000-0x0000000001345000-memory.dmpFilesize
7.9MB
-
memory/284-496-0x0000000000B60000-0x0000000001345000-memory.dmpFilesize
7.9MB
-
memory/284-413-0x0000000000000000-mapping.dmp
-
memory/296-470-0x00000000004329CC-mapping.dmp
-
memory/748-134-0x0000000000000000-mapping.dmp
-
memory/1116-135-0x0000000000000000-mapping.dmp
-
memory/1184-673-0x0000000000000000-mapping.dmp
-
memory/1372-769-0x0000000000A40000-0x0000000001225000-memory.dmpFilesize
7.9MB
-
memory/1372-768-0x0000000000000000-mapping.dmp
-
memory/1372-771-0x0000000000A40000-0x0000000001225000-memory.dmpFilesize
7.9MB
-
memory/1544-667-0x0000000000000000-mapping.dmp
-
memory/1884-640-0x0000000000000000-mapping.dmp
-
memory/2116-770-0x0000000000000000-mapping.dmp
-
memory/2224-142-0x0000000000000000-mapping.dmp
-
memory/2256-537-0x0000000000000000-mapping.dmp
-
memory/2308-175-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-155-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-159-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-160-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-161-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-163-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-165-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-166-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-168-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-169-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-170-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-172-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-174-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-176-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-178-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-180-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-183-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-186-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-187-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-191-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-192-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-194-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-146-0x0000000000000000-mapping.dmp
-
memory/2308-147-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-148-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-149-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-150-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-151-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-152-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-153-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-154-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-158-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-156-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-167-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-171-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-173-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-157-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-177-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-179-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-181-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-193-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-190-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-189-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-188-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-185-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-184-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2308-182-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/2332-642-0x0000000000000000-mapping.dmp
-
memory/2864-414-0x0000000000000000-mapping.dmp
-
memory/3036-415-0x0000000000000000-mapping.dmp
-
memory/3272-304-0x00000000004329CC-mapping.dmp
-
memory/3588-641-0x0000000001250000-0x0000000001A35000-memory.dmpFilesize
7.9MB
-
memory/3588-639-0x0000000000000000-mapping.dmp
-
memory/3728-208-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-206-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-162-0x0000000000000000-mapping.dmp
-
memory/3728-204-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-205-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-203-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-207-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-201-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-197-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-211-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-195-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-209-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-196-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-164-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-200-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-210-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-199-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-198-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3728-202-0x00000000777D0000-0x000000007795E000-memory.dmpFilesize
1.6MB
-
memory/3856-143-0x0000000000000000-mapping.dmp
-
memory/3928-628-0x0000000000000000-mapping.dmp
-
memory/4368-246-0x00000000004329CC-mapping.dmp
-
memory/4436-643-0x0000000000000000-mapping.dmp
-
memory/4664-644-0x0000000000000000-mapping.dmp
-
memory/4684-417-0x0000000000000000-mapping.dmp
-
memory/4768-543-0x0000000000000000-mapping.dmp
-
memory/4948-772-0x0000000000000000-mapping.dmp