vidar | hxxps://www[.]mediafire[.]com/folder/dvid6hfbgalog/Setup

Analysis

max time kernel
178s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/dvid6hfbgalog/Setup

Score

10^/10

vidar 53d8821aaded5a1ac4bec7e30f36a146 stealer

Malware Config

Extracted

Family

vidar

Version

7.8

Botnet

53d8821aaded5a1ac4bec7e30f36a146

https://t.me/karl3on

https://steamcommunity.com/profiles/76561199637071579

Attributes

profile_id_v2
53d8821aaded5a1ac4bec7e30f36a146
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Signatures

Detect Vidar Stealer 17 IoCs

stealer

Processes:

resource	yara_rule
behavioral1/memory/6488-648-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6488-660-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6488-661-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6488-672-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6944-688-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6944-698-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6944-701-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/6944-712-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5760-714-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5760-724-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5760-729-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5648-731-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5648-742-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/5648-746-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/4312-748-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/4312-758-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7
behavioral1/memory/4312-778-0x0000000000360000-0x0000000001853000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Executes dropped EXE 5 IoCs

Processes:

Setup.exeSetup.exeSetup.exeSetup.exeSetup.exe

pid process

6488 Setup.exe
6944 Setup.exe
5760 Setup.exe
5648 Setup.exe
4312 Setup.exe

pid	process
6488	Setup.exe
6944	Setup.exe
5760	Setup.exe
5648	Setup.exe
4312	Setup.exe

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
6712	6488	WerFault.exe	Setup.exe
6344	6944	WerFault.exe	Setup.exe
6160	5760	WerFault.exe	Setup.exe
6348	5648	WerFault.exe	Setup.exe
6496	4312	WerFault.exe	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522367109236692"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

Processes:

chrome.exeSetup.exeSetup.exeSetup.exeSetup.exeSetup.exechrome.exemsedge.exemsedge.exe

pid	process
224	chrome.exe
224	chrome.exe
6488	Setup.exe
6488	Setup.exe
6488	Setup.exe
6488	Setup.exe
6944	Setup.exe
6944	Setup.exe
6944	Setup.exe
6944	Setup.exe
5760	Setup.exe
5760	Setup.exe
5760	Setup.exe
5760	Setup.exe
5648	Setup.exe
5648	Setup.exe
5648	Setup.exe
5648	Setup.exe
4312	Setup.exe
4312	Setup.exe
4312	Setup.exe
4312	Setup.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
6896	msedge.exe
6896	msedge.exe
5580	msedge.exe
5580	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

6792 7zFM.exe

pid	process
6792	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 224 wrote to memory of 4820	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 4820	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 1792	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 4852	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 4852	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe
PID 224 wrote to memory of 2332	224	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/folder/dvid6hfbgalog/Setup
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffde629758,0x7fffde629768,0x7fffde629778
2⤵
PID:4820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:2
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:3496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5588 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:2004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5316 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:3956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5364 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:3500

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5564 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6092 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6204 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6580 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6536 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6396 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6824 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=7120 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=7368 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7636 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7796 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7360 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:2684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7852 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7788 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6840 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7028 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8232 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8468 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8440 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7696 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:6596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:8
2⤵
PID:6772

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Setup_Pswd_1234.rar"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:6792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2288 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8480 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8568 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8212 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8668 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7344 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7852 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=9168 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:4732

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7324 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=7444 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8536 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:7052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=8828 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:5804

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=8792 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:1
2⤵
PID:6064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 --field-trial-handle=1908,i,16737788599217519151,9992617972023253506,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2792

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6316

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 2168
2⤵
- Program crash
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 6488 -ip 6488
1⤵
PID:6752

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 2344
2⤵
- Program crash
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6944 -ip 6944
1⤵
PID:6260

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 2180
2⤵
- Program crash
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5760 -ip 5760
1⤵
PID:7160

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 2164
2⤵
- Program crash
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5648 -ip 5648
1⤵
PID:4876

C:\Users\Admin\Downloads\Setup.exe
"C:\Users\Admin\Downloads\Setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 2200
2⤵
- Program crash
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 4312 -ip 4312
1⤵
PID:6448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault4cdbd1bbh6fa7h4f38h8825hbc979fcc03cb
1⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xc0,0x12c,0x7fffcaec46f8,0x7fffcaec4708,0x7fffcaec4718
2⤵
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17620123657507550689,10228519356721592312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17620123657507550689,10228519356721592312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,17620123657507550689,10228519356721592312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
2⤵
PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte62d08a6h8cfch4f68hb5cahf9f06a1af8f9
1⤵
PID:6540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffcaec46f8,0x7fffcaec4708,0x7fffcaec4718
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,6389165430205128028,6392648877581880125,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,6389165430205128028,6392648877581880125,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,6389165430205128028,6392648877581880125,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
2⤵
PID:6320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
2KB

MD5
01aa9cbf7c7e4bf6c127af4fc21682c6

SHA1
069b0c60b2c049256972431da8a168ac613c9f99

SHA256
dd01b2236fb456e5e4ade0e43e141f687a5f2c056744be5425caeb40d00f4749

SHA512
0ead8d7825688976b9f78797a873a52d6bc4444381299eac95938a49f45e1bae2de2e818e25fb3d2a14c08627aa8b4ffd3aec4b1e9efaa318ad0a617f8fe84f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
2KB

MD5
13583b1af4761b601fabf54832b5bddf

SHA1
8e647fb8fc8c504ed124e7b86401fe6509efdccf

SHA256
46b8ada871f08bab2ebf2a6c2a57b5ffd403409e8d369866c629df4d49ececb4

SHA512
ddea887fe6194b6868fea2ffdbe5effb0e073fba499fd9cfbdcc4b2bb4ed3730f24933d62cc503981ca5a21fd50b6a03c4771b5f853c537716962823a2f5aba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
1KB

MD5
82e612173e0721edd4fb16e188878df9

SHA1
accd19ee749768a1af21c02dc654786225ec038e

SHA256
95d66fec31a879ea46cf3f55d17ca17860782ee579ab334cd31e9a0085b599a3

SHA512
d4b8f495f03ea60b00582b49893d50cc3bd5de42fa79e9ace6c4184bea219da6827db494ef83bd0cef2d451796edd0415c54c78a6cb89b692c0a5cf30727c87d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\156887258BBD6E1FEF562837733EA04E_5BBC02CEDFD3F7AC9E268D830CF231EE

Filesize
458B

MD5
b0c3ccd916b12417d848d4a4d3b64c40

SHA1
8822947bf02db332bb45122a8e6b542b9c323df3

SHA256
ae00c74dd675873c951a021fad035ee32c78ba137dd18c99fc4b5f5f9e63e826

SHA512
ed2e57f2b50665eb219dfc886e04b67373e0b523452217c57ec0a5320becc11987f3ab18ca0813dafa3bc3446e0de0d844abdee8dcd53b826f15db714fe271c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771

Filesize
450B

MD5
6dbf036059033ef314255015b0d5b3e8

SHA1
df205cdff56284145e6481634cbda8cfa00ea83a

SHA256
04497538a2c6fb56c6a9b8d93c4485265f9d180c27a3699112d547a9e829eb8d

SHA512
c879a759ce83092ca173dca80df69a9fbefdbb15a5b5628cdf3cdc95f7158abe88944ab3fd7cb6e29a0b6054f7ed8708ef6ec941ce807117632ee9f7e0201228

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D

Filesize
458B

MD5
474e22a6976195b0d2dd89b36aca4c7d

SHA1
b19e7b02242721e832ee84c1fadb4acc85f97acd

SHA256
10cd6390128d121d66ab0d12d6628afb6c0698aff123cda1f0eb9550c2fcd023

SHA512
fe6166cf9cdc0e4e449e616ae89dd3c04b612791926e2eda5cd90b7434e1cb730558d378f3394b8b4ad762ceef625a4535252b357c97d73e164dc06bc640f4c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4837c96e-afe9-4b87-b28a-c939e42863f0.tmp

Filesize
114KB

MD5
7b8de0bbcbf6f1fa48c085def8c5a329

SHA1
58c7e6c90ec6fd50d1635e786e8ca266efc00b03

SHA256
0dd59bfaef6cc0cbc489e7cbcc863aed7b30f55a80888cf58545bbff5945fc90

SHA512
08c7ab42972accebb46c1fded7be8cef33fe06a864ecb1b0216d8c22eb768f64096b4b2e99fc041993d4b8b69c66931f8021105ee7273738ad74cf26a5fe49ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7747b2ff-8e0a-44a0-aa66-286a53950b59.tmp

Filesize
114KB

MD5
f6f63574c3f349a75480c124a8c889eb

SHA1
5ab55d1105cc5cbfa5813c9ccec751a7cf606e63

SHA256
9274d567c5003f5f9851985fc9e58ae3045b4c1054716dc80910051b6e776597

SHA512
d445ac8373111db73dbe3184b427802670077c452c12d52871dacb4c629a87acd2e0388b4e524b50f9b0d7b213ecb1d5fc483a9a0c318c69d901fede6702e643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a43c5442720748bc3520106b9b6d4737

SHA1
3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab

SHA256
0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c

SHA512
9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5ebf1e62bd90661fcb6792305833020f

SHA1
5ac140ec1504f12386530f9f24b125072bbacb16

SHA256
ccafe329eefdcf9c859aad903c7a729eabf58aa6c58f77f58d23f9d757e445b1

SHA512
28c1572ae9095f56542449767fb4ea0069694c2151ea08a7508134e6903fd07f786ea7698818e93c750997e7bef48907d7070a15256cecf75f6a9bc623a2c942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
989819e6088a4b65802a67b4fabea86f

SHA1
4c64cf277b72a640fb929bc9571ab2087f3e3a00

SHA256
5052d0a9ab687c97920836e451d299407c377ca936ff1d164d16ffcbf700c1ef

SHA512
8ee8047ed09b5868218b7d4c0dd8aaa836ef5ab7f25540e63223f65c4cf8a50ed5fa52c36b0b7734bb80347886866ac13b084e6f8daabd28302a052e596ab82d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
ed2841713587f459090a25e10b3a0046

SHA1
f3feabcaa05d78659cba45105b925e0fb692db0f

SHA256
e9facdf8a311ee8f4055f90b35103e2feb732474e3a72c2dd736376cc6560c58

SHA512
5d8550ced7fffc5578be28b2c997103645eff2b659d23d8255488b7feda26652377d57bcbe0cb541f6d932b5373fedf864a3097b4dfbce0d2d80a1aeac4b489c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
39fecf26e7d2290209da41cf73681255

SHA1
e18f8a2d987fec732233ff55cbd1a89ade41b9f7

SHA256
678e7677ae2dc76af21bbe83d850112174b1c82e9048ff98be6728444db3cdae

SHA512
7d0a1ec4a70a1324c6c89f0b01997dc1e44fa544156ef904d3946046ffdd15b3482328560b349cb99fca664eab4149b5b9990d69eba5cda464377f8bba3f5a6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
c3b4e2b8d79f440a8056951718eca883

SHA1
8cda01c1bc446cdf06bd3530b9095ab5bdc5fa14

SHA256
f7eaa2aecd90f78a32bacac7504e9aa81b3370b23209cd7c7e2154e881f82282

SHA512
34b848cd515f3cc57468e54a84023a480b17343dbb19374f743c13f31622362ff39beb8e752fbe23d98af38571a7410477b39ec62ca6f714e982572d933164ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
9952738daf8b9f4d9b502ebd3326e4a6

SHA1
eb7ca308a9ebde0756917103463bdb5183434789

SHA256
fd04d10af8222f003e4890411b50397df90466841ed315ed5663b0146d3c3fc5

SHA512
60ff0f45451afe4f878297587eff1146f36def08f53b6e4a55d46c9249f65a9b764697ef028c6d91e865021fe1136873f74839f6084e117054906cf4ad3c0727

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
de7e5d084f4788d9a7d2f28033b3681c

SHA1
e9bcb9e13317b0ff0f6f7186c715d1250c982b61

SHA256
9864861627fd629e73462e95a220c4fe5c3e76e886fad8d7ce4c6002c36ae4cb

SHA512
e62835fbe7d0749c6a964891161d3af4d3b23f91dfab3d723236d9c4b2ed0c776935645a963d21392121a6f1519edf1b559936c151f799ca0c8b5f7bef8890db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
85cfe0d7ee4ce983715c338f0ddc2efb

SHA1
84158aa0467094c420b31d71e389297d85417839

SHA256
85bb9c4bb28cb0b927db0ff449247779d581b7ad8af16c14fa70e37b31a3b1c6

SHA512
5e8136adb7942a2c523f0c3dfacb180a264b1dba67f73dac53a5d145789196d192a4c65455b4bb557ebeddf58553a0f98ff12f0cfaf2215d4cb3d691532737ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
077ccf2fe72aff6d86575165342d9929

SHA1
9da881bfce8cba87d8325d126d14e1409ffa92a3

SHA256
de1deff240417f4eb0c2e3bd5f5baabebaa196dbcb213b46f254c7723165a917

SHA512
6d2609bc1cfca709a8d8d907f5b8e00d685385f4f7782de03d6b10c85b37101c85094e2dee9dbffb3fca0cb13dfe8dd12967684974501e04873600f606a20b68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d60eb3a86ea39c88bba350a15957e1ff

SHA1
eb3604e9a8545f0fde8c4077df73dfaadad44541

SHA256
3fcbfcc4af3f0297b23eb133368da331558fe31d5ba29cc96f240973bf0471cf

SHA512
7fd1f7f5fb446eedf735f91220a54e6db15a5c26c3d5467761bcb2239a4da1eed38de45bccfdb3c5d7b4a9ca7d7e47eaaf4a0f9bccf7bb10817f6339070556cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
fb82486702e5813d26873b9c17b78185

SHA1
67bc48961b290dd1381b56aebfb6ea242cf65edf

SHA256
7b856db6768735fedceb038df0878aef0b07d0954dff1e44a7168e2fe2622b17

SHA512
b4712d5ae526a8e5f2b87200744e7186aad81bc6df8776312feac9a38c65c4a636eedf212a83189b1820ee856049f50aca4a4bbf49b5886925451ca680a9de35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
f29ebfc493c4db9dc33bf6b31d3cdd01

SHA1
197a96670685633aad28219a85154a31ef629d28

SHA256
a2e3df5c02d72d74a009ef8311098f2193394ba40f00c6dfdca966d7060c5184

SHA512
16d5ced9d234003ed0df48ec7c5297bb8df51d08259c25cb7cee60395d95a445a3342b55d9aefa010a3b018ce6af5be7d86b06ddeedd48621914d7282c073986

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f57c.TMP

Filesize
110KB

MD5
4a4ef4d2d9f9fe736f0980c11c39e943

SHA1
9fe7558bc31a9b3050acfe652c8021c0cadd7cf2

SHA256
c2602c970cfe74d5cf6bc40e4a274476425fef05afb031782a648166f600b791

SHA512
9055ae27b2c68b7f682b018ff896f9d2f86f95a291899404128e4e38b61028e7f8a54b213791d7b3f88e6973dfe1091cbd6a762175f364571919b630a9e5c582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7dcb7dc6-a582-4d93-af20-604b079cfff9.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c42ed15abecef4ce8964bd858a25046f

SHA1
fabe159feec02afc226d11d2d4bbf4941acb7b97

SHA256
5df774766022466f6cc72432ab6b5c5961fee0bc1b6fb86715a2ffc25c6ef18c

SHA512
2c404717c96046992f290203ddaf886931504e2dd2d701eebe23856b7a2f3bfe326b30c8a81fb9325d0d6cc7d9ef858b3717d4eb78053239062a881cb752c5f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
92b6ee287bf1fb198e3bbb81ad89b47b

SHA1
75df4949c44e521450be41911973757221df5f66

SHA256
69162e97dce4f98cb741ae45b87071d77d7657db8935f86479b1f3d62bf06b45

SHA512
580a25ecec9d323be4228569ed215c7250ebc73a3b2fb76ae43884c2cb50aae61b2747dd22a0cb2f253c1985ca9c8f57087b542e2cf714de349029671d8097fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
a00535c6dd280528fe3bcd38721efe5f

SHA1
c0a8910882fcfc254afd890e215e95231165634b

SHA256
37073765c70b54398c03c25b6af57d203593c992d0d76514405d7f1b78bbcfde

SHA512
187da0a788c4759c06547ed61ad32e93ae0e1dc32d4204744a90b0459e27cfc6298bdddebb009377495f1d23711ff9fb608c14fb920cadc9f4d6636235e2b45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
8.4MB

MD5
9d3cfcf72253b3d11b1b269052a32e98

SHA1
8388da555b646579280a6cb969a69e4193b68428

SHA256
d2946c09d18e13ea08180292614564ffc419457e006f2872a958b714325e2b8a

SHA512
ec14e852116fff1aafe75a9922b225b694b68470c3b828d48bcc65124967a6c3dc763ce2132f2dbdc5f4279b6555538c2503acb352fc45008d8df76b6d225968

Download Submit
C:\Users\Admin\Downloads\Setup_Pswd_1234.rar

Filesize
24.5MB

MD5
71a5c3536020544212c1cb33b3437a76

SHA1
b23988370d331fe34bf117147e24a00d52e0f861

SHA256
951681f8a92f4ce42e5b8f2ab04539fc539048d2299e7a17e586aa48c2cf6272

SHA512
5e3ac1531ad2781c38339a59fd68908a196f5039babbdde654e3504c9886b62d79e89d84f7b8c8ccf670c6056c7a76312590af8f84f995ef28c9c1c56c8eaef4

Download Submit
C:\Users\Admin\Downloads\ext\images\cursors\win32_LinkNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
\??\pipe\crashpad_224_FCOGTVDZDJECRLVY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4312-748-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/4312-758-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/4312-755-0x0000000004210000-0x0000000004211000-memory.dmp

Filesize
4KB

Download
memory/4312-778-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5648-746-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5648-742-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5648-731-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5760-721-0x0000000004200000-0x0000000004201000-memory.dmp

Filesize
4KB

Download
memory/5760-722-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/5760-723-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/5760-725-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/5760-726-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/5760-724-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5760-729-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/5760-720-0x00000000041F0000-0x00000000041F1000-memory.dmp

Filesize
4KB

Download
memory/5760-714-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6488-648-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6488-672-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6488-654-0x0000000001960000-0x0000000001961000-memory.dmp

Filesize
4KB

Download
memory/6488-657-0x0000000004140000-0x0000000004141000-memory.dmp

Filesize
4KB

Download
memory/6488-655-0x0000000001970000-0x0000000001971000-memory.dmp

Filesize
4KB

Download
memory/6488-656-0x00000000019F0000-0x00000000019F1000-memory.dmp

Filesize
4KB

Download
memory/6488-658-0x00000000067A0000-0x00000000067A1000-memory.dmp

Filesize
4KB

Download
memory/6488-659-0x00000000067B0000-0x00000000067B1000-memory.dmp

Filesize
4KB

Download
memory/6488-660-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6488-661-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6944-698-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6944-688-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6944-695-0x00000000041C0000-0x00000000041C1000-memory.dmp

Filesize
4KB

Download
memory/6944-696-0x0000000004250000-0x0000000004251000-memory.dmp

Filesize
4KB

Download
memory/6944-694-0x00000000041B0000-0x00000000041B1000-memory.dmp

Filesize
4KB

Download
memory/6944-699-0x0000000004270000-0x0000000004271000-memory.dmp

Filesize
4KB

Download
memory/6944-712-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download
memory/6944-697-0x0000000004260000-0x0000000004261000-memory.dmp

Filesize
4KB

Download
memory/6944-700-0x0000000004280000-0x0000000004281000-memory.dmp

Filesize
4KB

Download
memory/6944-701-0x0000000000360000-0x0000000001853000-memory.dmp

Filesize
20.9MB

Download