Malware Analysis Report

2025-01-22 14:19

Sample ID 240219-by7fcsge5w
Target https://filebin.net/717pd34p8cwpw3av/Remittance_Advice_18_February_2024_Details_766717.pif
Tags
warzonerat collection infostealer persistence rat spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://filebin.net/717pd34p8cwpw3av/Remittance_Advice_18_February_2024_Details_766717.pif was found to be: Known bad.

Malicious Activity Summary

warzonerat collection infostealer persistence rat spyware stealer

WarzoneRat, AveMaria

Warzone RAT payload

Downloads MZ/PE file

Reads user/profile data of web browsers

Loads dropped DLL

Executes dropped EXE

Accesses Microsoft Outlook profiles

Adds Run key to start application

Suspicious use of SetThreadContext

Enumerates physical storage devices

outlook_win_path

Suspicious use of WriteProcessMemory

outlook_office_path

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 01:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 01:34

Reported

2024-02-19 01:44

Platform

win10v2004-20231222-en

Max time kernel

599s

Max time network

594s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.net/717pd34p8cwpw3av/Remittance_Advice_18_February_2024_Details_766717.pif

Signatures

WarzoneRat, AveMaria

rat infostealer warzonerat

Warzone RAT payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A
Key opened \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Intel Drivers = "C:\\Users\\Admin\\Documents\\IntelDrivers.exe" C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133527800640447429" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3364 wrote to memory of 5084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 5084 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 3116 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3364 wrote to memory of 1564 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif N/A

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://filebin.net/717pd34p8cwpw3av/Remittance_Advice_18_February_2024_Details_766717.pif

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff870129758,0x7ff870129768,0x7ff870129778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2848 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2856 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1632 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif

"C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif"

C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif

"C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1736 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif

"C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif"

C:\Users\Admin\Documents\IntelDrivers.exe

"C:\Users\Admin\Documents\IntelDrivers.exe"

C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif

"C:\Users\Admin\Downloads\Remittance_Advice_18_February_2024_Details_766717 (1).pif"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 --field-trial-handle=1852,i,13957597647678622830,17812648650578433082,131072 /prefetch:2

C:\Users\Admin\Documents\IntelDrivers.exe

"C:\Users\Admin\Documents\IntelDrivers.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 filebin.net udp
DE 88.99.137.18:443 filebin.net tcp
DE 88.99.137.18:443 filebin.net tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 17.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 18.137.99.88.in-addr.arpa udp
US 8.8.8.8:53 205.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 s3.filebin.net udp
DE 88.99.137.18:443 s3.filebin.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
DE 88.99.137.18:443 s3.filebin.net tcp
DE 88.99.137.18:443 s3.filebin.net tcp
DE 88.99.137.18:443 s3.filebin.net tcp
US 8.8.8.8:53 72.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 sgh2024.ddns.net udp
DE 172.94.111.9:5200 sgh2024.ddns.net tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 9.111.94.172.in-addr.arpa udp
US 8.8.8.8:53 microsoft.com udp
US 20.112.250.133:80 microsoft.com tcp
US 8.8.8.8:53 133.250.112.20.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

\??\pipe\crashpad_3364_BNLUKTRGOHJRFEHV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\Downloads\Unconfirmed 881180.crdownload

MD5 3abd65d34fbbd87ce50eaa1b0eb439d0
SHA1 ff225553cca948f35a0765f48b5b146f43bb4203
SHA256 d10c74984d4c4dab2f492ab8b31013e552108e14c202b4cabe150ca230230b1e
SHA512 3ce3c7fc6f0ae3706458e8079e50ad1e1d7235394528e001a107c5fa577badc9116f99639a3ff21fa169f941c56ba7df2b960ab0678c51b71cb6a5ae9070e616

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 800fdea453ad7d805a77777d7248dad8
SHA1 28f09c5b322a340b99b5548cf7da712f62639807
SHA256 e900ecfb3bb2b5e9514ae7478997f06f9bf16e33500a2e73b13662c44b76e38d
SHA512 556b317e03f62392b11b770e087af0f9d94476c489d63856235f4935f48d50ed6704b87c8d8a4c09846460a60ded9fb6ed6afd60a5b05992067a070016023a81

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1cef8bf5fa804dc569ef2dbcbcf478f4
SHA1 a43e0a34fbf471e0f10bd14751494e16c8173c3e
SHA256 ba2b705ec2371f19b91b66969e30125a3096656e75c9389a49c2f20b41103139
SHA512 00e938706ce001f7445fe8b901167d95399ea93028d933b594a48c9e416a068f77c7b1561304b748a84d0a43903a6759cb4b4dc575353cd14c4d82ecc12a4780

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 33c296acc2f46f149347c65e8d487aca
SHA1 0b4720718e524521d5ceab091427b6744a7c9a28
SHA256 ca7637671c10e32e5dca6de235f0688f57bfb38595c703168c722634d225918d
SHA512 4e37dbea313d0ca884ec8fed41fb395f0033612a85d03b60e3b474a0695decd3474eee8a2660d1e7c330d7dd40357fbb40fb0d79797f36862fc38d32aa10186d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5490dd00f4f04c3a532138b0e3791180
SHA1 a208f879e19e05e8a2567ff21f033857bac82739
SHA256 97bfbceaf562563ddb72f522c9cba020a0f197236064dbb20a8929979d2e85b2
SHA512 918e0f973be4871e661c6c2d00479a61cbd8c33955fed6ff1963da376d21837c279ed2cfb3919b0c4a3a9ec055e4d9006076c4d94588ba82de4d6ce39fcb2b58

memory/1828-67-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/1828-68-0x00000000005D0000-0x0000000000668000-memory.dmp

memory/1828-69-0x00000000055A0000-0x0000000005B44000-memory.dmp

memory/1828-70-0x0000000004F30000-0x0000000004FC2000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c4c667f0e34226bf94227d3cadbf82fc
SHA1 82b7428cc0bb9d7b027e5514076689fc0b93fb0e
SHA256 5228bfadb054b33578206c93ade2401e500566486090f6cbd92e48f96b693ae0
SHA512 294a80a1a28c4fd23416a69a1a3f8f43a2e36495d813030b7364d972428b064ccf9b5bb53097dfe7c1fea8bb1ebf0cfb5bef22899406962decd001b1f362df2e

memory/1828-80-0x0000000005190000-0x00000000051A0000-memory.dmp

memory/1828-81-0x0000000004F20000-0x0000000004F2A000-memory.dmp

memory/1828-82-0x00000000052A0000-0x00000000052BC000-memory.dmp

memory/5020-86-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/5020-87-0x0000000004D70000-0x0000000004D80000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ff7.TMP

MD5 49053689112c90c0f399b7f7ff391b9f
SHA1 2649d3ee4a7dc56913e59d218f4cc6b06a5d82b0
SHA256 9a2c7ddb34629921e0a0319b3e4fa9cddeee974d14cd6a4ffa404d9f0bee5525
SHA512 7671c50115c3e17222ac8c37dcf7d97aee475b44f35b52d6f53cb8f9fee4b040f1bb757ed8bf79291862b40e9ced69b16a1bbcf9215f538354cb83a0ce4ed50d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e6448587c22478a31e1e4dab3d63d79f
SHA1 cc6949451e1766d415f4386c1bd6d64d00d81928
SHA256 d106b20bbeb70b56b3baf08bf7a1be57769c471463477e28bd6a0e948757661d
SHA512 7d133ec0eb6d4172c9fac63548f750d0c4c39b7148aee2b1e9b255760d6fd764840d07ca69bddd03b256634fe7aac2210c1e5d2d9482a7b577392464779e502b

memory/1828-97-0x00000000052D0000-0x00000000052E2000-memory.dmp

memory/1828-98-0x00000000063C0000-0x0000000006428000-memory.dmp

memory/1828-99-0x0000000008AB0000-0x0000000008B4C000-memory.dmp

memory/1828-103-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/1828-104-0x0000000005190000-0x00000000051A0000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 549ca13f23f4094e8c884cfeab041d34
SHA1 b8332a647e41bde872ad6044cf08c9ee9611c83e
SHA256 2d3914558c8507fd2a9c42a07e56e776bccf2eb80a5c439ac44e09600c684221
SHA512 42ac81808de3dc93cca552c4f0a1175482509557d4ec8692992b9e618aa58b35b3df67219c987a480f990f8e7a4aadaa0f91ea64f37402f1807a7dd8e55a8c5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 3e82cef35743d19670a9613c75e115bc
SHA1 ed9e3810b037af17ea05da535f72e95442368038
SHA256 1bd93a5059a0138f7a24c01fbe490681f43b14ab9fe1c7ac562ac1ef51003f02
SHA512 65f49039e441437554e57f2ce04def1955024878d99424ecb702427ad602de2ba50c41fd448b39d23eeb8ff373d6d09883d8b85831fbd3e378f22a0b5316a7d3

memory/5020-128-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/5020-129-0x0000000004D70000-0x0000000004D80000-memory.dmp

memory/2716-130-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2716-134-0x0000000000400000-0x000000000055A000-memory.dmp

memory/1828-135-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/2716-136-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2716-141-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2104-142-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/2104-143-0x00000000054F0000-0x0000000005500000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Remittance_Advice_18_February_2024_Details_766717 (1).pif.log

MD5 8ec831f3e3a3f77e4a7b9cd32b48384c
SHA1 d83f09fd87c5bd86e045873c231c14836e76a05c
SHA256 7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982
SHA512 26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

memory/2244-148-0x0000000000400000-0x000000000055A000-memory.dmp

memory/5020-150-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/2244-149-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2244-151-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2244-152-0x000000000AEA0000-0x000000000B040000-memory.dmp

memory/2244-153-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2104-154-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/2104-155-0x00000000054F0000-0x0000000005500000-memory.dmp

memory/2244-156-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2104-167-0x0000000074AC0000-0x0000000075270000-memory.dmp

memory/1588-168-0x0000000000400000-0x000000000055A000-memory.dmp

memory/1588-169-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2244-174-0x00000000011E0000-0x0000000001264000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msvcp140.dll

MD5 109f0f02fd37c84bfc7508d4227d7ed5
SHA1 ef7420141bb15ac334d3964082361a460bfdb975
SHA256 334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
SHA512 46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

C:\Users\Admin\AppData\Local\Temp\vcruntime140.dll

MD5 7587bf9cb4147022cd5681b015183046
SHA1 f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256 c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SHA512 0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

C:\Users\Admin\AppData\Local\Temp\mozglue.dll

MD5 75f8cc548cabf0cc800c25047e4d3124
SHA1 602676768f9faecd35b48c38a0632781dfbde10c
SHA256 fb419a60305f17359e2ac0510233ee80e845885eee60607715c67dd88e501ef0
SHA512 ed831c9c769aef3be253c52542cf032afa0a8fa5fe25ca704db65ee6883c608220df7102ac2b99ee9c2e599a0f5db99fd86894a4b169e68440eb1b0d0012672f

C:\Users\Admin\AppData\Local\Temp\nss3.dll

MD5 d7858e8449004e21b01d468e9fd04b82
SHA1 9524352071ede21c167e7e4f106e9526dc23ef4e
SHA256 78758bf7f3b3b5e3477e38354acd32d787bc1286c8bd9b873471b9c195e638db
SHA512 1e2c981e6c0ca36c60c6e9cae9548b866d5c524df837095b30d618d9c322def7134c20de820105400dd1b58076b66d90274f67773ac6ba914f611b419babb440

C:\Users\Admin\AppData\Local\Temp\softokn3.dll

MD5 471c983513694ac3002590345f2be0da
SHA1 6612b9af4ff6830fa9b7d4193078434ef72f775b
SHA256 bb3ff746471116c6ad0339fa0522aa2a44a787e33a29c7b27649a054ecd4d00f
SHA512 a9b0fb923bc3b567e933de10b141a3e9213640e3d790b4c4d753cf220d55593ae8026102909969ba6bfc22da3b2fcd01e30a9f5a74bd14a0fdec9beaf0fb1410

C:\Users\Admin\AppData\Local\Temp\freebl3.dll

MD5 ef12ab9d0b231b8f898067b2114b1bc0
SHA1 6d90f27b2105945f9bb77039e8b892070a5f9442
SHA256 2b00fc4f541ac10c94e3556ff28e30a801811c36422546a546a445aca3f410f7
SHA512 2aa62bfba556ad8f042942dd25aa071ff6677c257904377c1ec956fd9e862abcbf379e0cfd8c630c303a32ece75618c24e3eef58bddb705c427985b944689193

memory/2244-201-0x0000000000400000-0x000000000055A000-memory.dmp

memory/2244-202-0x00000000011E0000-0x0000000001264000-memory.dmp