Analysis
  max time kernel:  275s
  max time network: 308s
  platform:         windows11-21h2_x64
  resource:         win11-20240419-en
  resource tags:    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  submitted:        04/06/2024, 14:26
Static task
  static1

Behavioral task behavioral1
  Sample:   Delta V3.61/Delta.exe
  Resource: win11-20240419-en

Behavioral task behavioral2
  Sample:   Delta V3.61/ICSharpCode.AvalonEdit.dll
  Resource: win11-20240426-en

Behavioral task behavioral3
  Sample:   Delta V3.61/Newtonsoft.Json.dll
  Resource: win11-20240426-en

Behavioral task behavioral4
  Sample:   Delta V3.61/bin/590.dll
  Resource: win11-20240508-en

Behavioral task behavioral5
  Sample:   Delta V3.61/bin/592.dll
  Resource: win11-20240508-en

Behavioral task behavioral6
  Sample:   Delta V3.61/bin/Fluxteam_net_API.dll
  Resource: win11-20240426-en
General
  Target: Delta V3.61/Delta.exe
  Size:   17.0MB
  MD5:    774ffee84d8e760761b8819edd2bc252
  SHA1:   74ff2bcc3baf64790181b97dc09ab951d9440379
  SHA256: 3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758
  SHA512: 935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650
  SSDEEP: 196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0
Malware Config
Signatures

Downloads MZ/PE file

Possible privilege escalation attempt 4 IoCs
  pid   Process
  8436  takeown.exe
  7832  icacls.exe
  8408  takeown.exe
  8352  icacls.exe

Executes dropped EXE 4 IoCs
  pid   Process
  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  5412  saBSI.exe
  7636  rsStubActivator.exe

Loads dropped DLL 6 IoCs
  pid   Process
  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe

Modifies file permissions 1 TTPs 4 IoCs
  pid   Process
  8408  takeown.exe
  8352  icacls.exe
  8436  takeown.exe
  7832  icacls.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  flow  ioc
  1     discord.com
  10    discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Program crash 1 IoCs
  pid   pid_target  Process       procid_target
  2388  3056        WerFault.exe  78

Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
  Process      description        ioc
  firefox.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString
  firefox.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
  firefox.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier

Enumerates system info in registry 2 TTPs 3 IoCs
  Process     description        ioc
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Kills process with taskkill 4 IoCs
  pid   Process
  7884  taskkill.exe
  6696  taskkill.exe
  3744  taskkill.exe
  7740  taskkill.exe

Modifies registry class 2 IoCs
  Process      description  ioc
  msedge.exe   Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1474490143-3221292397-4168103503-1000\{2527EB51-A871-4A5F-BA22-43875BC5F5B9}
  firefox.exe  Key created  \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings

NTFS ADS 5 IoCs
  Process      description                   ioc
  msedge.exe   File opened for modification  C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe:Zone.Identifier
  msedge.exe   File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 605506.crdownload:SmartScreen
  firefox.exe  File created                  C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier
  firefox.exe  File created                  C:\Users\Admin\Downloads\RobloxPlayerInstaller(1).exe:Zone.Identifier
  msedge.exe   File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 203758.crdownload:SmartScreen

Runs net.exe
Suspicious behavior: EnumeratesProcesses 34 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious use of AdjustPrivilegeToken 16 IoCs
  Token                      pid   Process
  SeDebugPrivilege           3056  Delta.exe
  SeDebugPrivilege           3984  firefox.exe
  SeDebugPrivilege           3984  firefox.exe
  SeDebugPrivilege           3984  firefox.exe
  SeDebugPrivilege           3984  firefox.exe
  SeDebugPrivilege           3984  firefox.exe
  SeDebugPrivilege           8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeShutdownPrivilege        8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeCreatePagefilePrivilege  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeDebugPrivilege           1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeShutdownPrivilege        1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeCreatePagefilePrivilege  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  SeDebugPrivilege           7740  taskkill.exe
  SeDebugPrivilege           7884  taskkill.exe
  SeDebugPrivilege           6696  taskkill.exe
  SeDebugPrivilege           3744  taskkill.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 22 IoCs
Suspicious use of SetWindowsHookEx 8 IoCs
  pid   Process
  3984  firefox.exe
  3984  firefox.exe
  3984  firefox.exe
  3984  firefox.exe
  3324  helppane.exe
  3324  helppane.exe
  8116  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
  1112  LDPlayer9_ens_com.roblox.client_25567197_ld.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe (depth 1, PID 3056)
  "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5116)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1072)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3124)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2832)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1784)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3748)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4964)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1284)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4688 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5064)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (depth 3, PID 8)
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3468)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5864)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5872)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2860 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1500)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 4660)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5916)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5844)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1200)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3000)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3356)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 768)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1720)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5236)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3928)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2104)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1552)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 1244)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5920)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 3080)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5916)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 652)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5488)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5824)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5428)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 5236)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 2192)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 6228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 6292)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8480 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 3, PID 6304)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:13⤵PID:6464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:13⤵PID:6528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:13⤵PID:6708
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:13⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9204 /prefetch:13⤵PID:6724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:13⤵PID:6920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:13⤵PID:7124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:13⤵PID:7132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:13⤵PID:6064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9084 /prefetch:13⤵PID:5372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:13⤵PID:4580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:13⤵PID:416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:13⤵PID:6256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:13⤵PID:6272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:13⤵PID:6288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:13⤵PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9472 /prefetch:13⤵PID:6248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:13⤵PID:6732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:13⤵PID:6384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:13⤵PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:13⤵PID:7076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:13⤵PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:13⤵PID:6048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:13⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:13⤵PID:1556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:13⤵PID:1596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:13⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:13⤵PID:6684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:13⤵PID:7172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10272 /prefetch:13⤵PID:7284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8420 /prefetch:83⤵PID:7396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:13⤵PID:7648
-
-
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:7748): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10380 /prefetch:8
      - NTFS ADS
      - Suspicious behavior: EnumeratesProcesses
    C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe (PID:8116): "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:7816): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10804 /prefetch:1
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:7980): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1712,14661793883620009982,5367064023721004874,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10884 /prefetch:8
    C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe (PID:1112): "C:\Users\Admin\Downloads\LDPlayer9_ens_com.roblox.client_25567197_ld.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx
      C:\Windows\SysWOW64\taskkill.exe (PID:7740): "taskkill" /F /IM dnplayer.exe /T
        - Kills process with taskkill
        - Suspicious use of AdjustPrivilegeToken
      C:\Windows\SysWOW64\taskkill.exe (PID:7884): "taskkill" /F /IM dnmultiplayer.exe /T
        - Kills process with taskkill
        - Suspicious use of AdjustPrivilegeToken
      C:\Windows\SysWOW64\taskkill.exe (PID:6696): "taskkill" /F /IM dnmultiplayerex.exe /T
        - Kills process with taskkill
        - Suspicious use of AdjustPrivilegeToken
      C:\Windows\SysWOW64\taskkill.exe (PID:3744): "taskkill" /F /IM bugreport.exe /T
        - Kills process with taskkill
        - Suspicious use of AdjustPrivilegeToken
      C:\LDPlayer\LDPlayer9\LDPlayer.exe (PID:5100): "C:\LDPlayer\LDPlayer9\\LDPlayer.exe" -silence -downloader -openid=25567197 -language=en -path="C:\LDPlayer\LDPlayer9\"
        C:\LDPlayer\LDPlayer9\dnrepairer.exe (PID:7880): "C:\LDPlayer\LDPlayer9\dnrepairer.exe" listener=197450
          C:\Windows\SysWOW64\net.exe (PID:4428): "net" start cryptsvc
            C:\Windows\SysWOW64\net1.exe (PID:5348): C:\Windows\system32\net1 start cryptsvc
          C:\Windows\SysWOW64\regsvr32.exe (PID:8948): "regsvr32" Softpub.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:8268): "regsvr32" Wintrust.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:3020): "regsvr32" Initpki.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:9424): "C:\Windows\system32\regsvr32" Initpki.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:9028): "regsvr32" dssenh.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:8980): "regsvr32" rsaenh.dll /s
          C:\Windows\SysWOW64\regsvr32.exe (PID:10228): "regsvr32" cryptdlg.dll /s
          C:\Windows\SysWOW64\takeown.exe (PID:8408): "takeown" /f "C:\LDPlayer\LDPlayer9\vms" /r /d y
            - Possible privilege escalation attempt
            - Modifies file permissions
          C:\Windows\SysWOW64\icacls.exe (PID:8352): "icacls" "C:\LDPlayer\LDPlayer9\vms" /grant everyone:F /t
            - Possible privilege escalation attempt
            - Modifies file permissions
          C:\Windows\SysWOW64\takeown.exe (PID:8436): "takeown" /f "C:\LDPlayer\LDPlayer9\\system.vmdk"
            - Possible privilege escalation attempt
            - Modifies file permissions
          C:\Windows\SysWOW64\icacls.exe (PID:7832): "icacls" "C:\LDPlayer\LDPlayer9\\system.vmdk" /grant everyone:F /t
            - Possible privilege escalation attempt
            - Modifies file permissions
          C:\Windows\SysWOW64\dism.exe (PID:9572): C:\Windows\system32\dism.exe /Online /English /Get-Features
            C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe (PID:9012): C:\Users\Admin\AppData\Local\Temp\642F4236-4446-462D-AF7E-E664BE35B8F1\dismhost.exe {8C06A805-D1C9-449E-AF89-19646F6BBA99}
  C:\Windows\SysWOW64\WerFault.exe (PID:2388): C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 3360
    - Program crash
C:\Windows\System32\CompPkgSrv.exe (PID:2244): C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (PID:4660): C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe (PID:3464): C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3056 -ip 3056
C:\Program Files\Mozilla Firefox\firefox.exe (PID:764): "C:\Program Files\Mozilla Firefox\firefox.exe"
  C:\Program Files\Mozilla Firefox\firefox.exe (PID:3984): "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1312): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25455 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {737a31eb-5a40-4879-9f5d-8a86baa74f2b} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" gpu
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1888): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2348 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 25491 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d7a59d1-d4e8-4cbb-a4f6-e029a8babf3e} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" socket
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:4864): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3276 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 25632 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2300e40b-83cc-4e0a-8dd7-f95da946cd56} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:4676): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 2 -isForBrowser -prefsHandle 3612 -prefMapHandle 3232 -prefsLen 30865 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34b5cff-322e-4d96-9d26-895d3e0e2786} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:696): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4728 -prefsLen 30865 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a5030a2-355c-430c-938d-fd190f5ae8b3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" utility
      - Checks processor information in registry
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:4488): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5472 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df6ef5b-2878-4a2c-97f2-d765e8c0e2d9} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:1844): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5452 -prefMapHandle 5448 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8ba2b3-fdf6-4eb8-9c26-3a22ac983173} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:2272): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5616 -prefMapHandle 5488 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c079db15-7714-4967-b760-b0474b6304a3} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:5516): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 6 -isForBrowser -prefsHandle 6212 -prefMapHandle 6208 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8b86e01-e047-4530-963d-d7bb7d06b617} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
    C:\Program Files\Mozilla Firefox\firefox.exe (PID:5344): "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 7 -isForBrowser -prefsHandle 6564 -prefMapHandle 6548 -prefsLen 27965 -prefMapSize 244658 -jsInitHandle 948 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456cc1f0-1dfd-416e-928a-508a714ef511} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" tab
C:\Windows\helppane.exe (PID:3324): C:\Windows\helppane.exe -Embedding
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:5484): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID:3376): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff14d13cb8,0x7fff14d13cc8,0x7fff14d13cd8
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe (PID:5412): "C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
  - Executes dropped EXE
  C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\installer.exe (PID:7920): "C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
    C:\Program Files\McAfee\Temp1656029198\installer.exe (PID:3272): "C:\Program Files\McAfee\Temp1656029198\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
      C:\Windows\SYSTEM32\regsvr32.exe (PID:8332): regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        C:\Windows\SysWOW64\regsvr32.exe (PID:8968): /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
      C:\Windows\SYSTEM32\regsvr32.exe (PID:8292): regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
      C:\Windows\SYSTEM32\regsvr32.exe (PID:10188): regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
        C:\Windows\SysWOW64\regsvr32.exe (PID:5996): /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
      C:\Windows\SYSTEM32\regsvr32.exe (PID:8336): regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe (PID:7636): "C:\Users\Admin\AppData\Local\Temp\LDPlayer_files\rsStubActivator.exe" -ip:"dui=3d8d521d20e0420170266ce4f4398e094d32e2f1&dit=20240604143327867&is_silent=true&oc=DOT_RAV_Cross_Solo_LDP&p=bf64&a=103&b=&se=true" -i
  - Executes dropped EXE
  C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe (PID:8140): "C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
    C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe (PID:8): "C:\Users\Admin\AppData\Local\Temp\nsq8CFC.tmp\RAVEndPointProtection-installer.exe" "C:\Users\Admin\AppData\Local\Temp\sfk20czv.exe" /silent
      C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe (PID:7680): "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe (PID:4116): "C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe (PID:9536): "C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
  C:\Program Files\McAfee\WebAdvisor\UIHost.exe (PID:7108): "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  C:\Windows\system32\cmd.exe (PID:9884): C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  C:\Windows\system32\cmd.exe (PID:9600): C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD57423763628eee95de3d25b84c30c5b3a
SHA1221579d554f917429beb6110cf422d94ede141ca
SHA25611efb025f8d76eb224c0db50e2e6c478f3bdc2d93aea86f33c5375595124663b
SHA51245c406d8dd7a5eb05183528ee8581e17f5509908cd2a12b9c65e749649f5a17567c4f96938c6d6e66234e72903111f1754cee22ac4e06e363a92d15aa6ecbdf9
-
Filesize
584B
MD58f49a2b1faf5af62548666fe5e04e899
SHA1ba1145726d7ea87ea71acd14d98c6f323bb03179
SHA256e03b27117faaa5a7e04e3e29ab016d30320ff00840d787c20ece54f5ab6edad4
SHA512a6a9c0d3174e3b6b40e926c8809b0023bdb39d97ae83fb8143532c5d82f1a9a5a3f9bf516c5f8f1f01b74c38f6356a00c46142c462d819da924203b712a264d8
-
Filesize
152B
MD5d0f84c55517d34a91f12cccf1d3af583
SHA152bd01e6ab1037d31106f8bf6e2552617c201cea
SHA2569a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA51294764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171
-
Filesize
152B
MD5ade01a8cdbbf61f66497f88012a684d1
SHA19ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b
-
Filesize
64KB
MD59a8ceef2725801e17be5c55b0a7b6887
SHA1567f8cc2c9704f0f9186e50bb7ed9582bc3ac924
SHA256c34f0544214631ecebb3d75ea3e9876f8096703b293266fdcb6426952fc98027
SHA51257c534210f5905ae7d74e3adb6c39ad3d387797786b9a9b8def51508f83b83e97dbca9a48dd0bf38dadb6ea81dc5769d704c8ad58471baf727866eb06c2c4dcd
-
Filesize
16KB
MD59c6b5ce6b3452e98573e6409c34dd73c
SHA1de607fadef62e36945a409a838eb8fc36d819b42
SHA256cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA5124cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7
-
Filesize
143KB
MD5e279b5e0a16e5828f623ef1079b67b75
SHA13b78b6a493a6e453973f828b615cf13a8e7a97ff
SHA25646f18aa0c06fef19a1afaf16f54e2ab6b8c8fbcd76fd8af2da4199a03a7e5caf
SHA51204d6f716e89183d97b918b2985ac9eea749364d21795bae6e53bbed05588e5ea0e08ec62c686beef55e64999321f8ef74d1a00f85b5778470b744ad6f95bb47b
-
Filesize
75KB
MD570de1f52912e7ea07c158a80bf841fb2
SHA1ce6a7d12ff7a2b008d1c27e17d0183ef44ec4ee5
SHA256f0e881ec68c72d09f856ab4005ecdc633ca244ca2a59e911ea816dc6c50acae0
SHA512fde93436cedb836222f24e70fb5ce846af4eba283db460adf23ad622a4438f2347787fe7a025c6aca956cb0e972f055f26483dbaa31d48a2e94c70bb962e2361
-
Filesize
19KB
MD569ef77257c7fa3a494a232f90b05d55c
SHA119dc83dc05f718e9693de231d48bf0307d8d29a2
SHA256d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421
SHA5121b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea
-
Filesize
33KB
MD51aca735014a6bb648f468ee476680d5b
SHA16d28e3ae6e42784769199948211e3aa0806fa62c
SHA256e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86
-
Filesize
19KB
MD5856a3daa268de8801e7cfd5b727b6de2
SHA18e099b433518980e657c7541c49b498e6b83430d
SHA256b870ae3c5216311e1dd7b8662e01d1fa3326edc85a98a58247cd37b8cfca0be5
SHA5122f191ea906a3551576ab14e607fdde9930fcb15f15ffb40a8c5999ba07224bbb8ea69918db11d1cd719a3d57510edd466ad2b9199c6a45a48463b0020a2e6eba
-
Filesize
33KB
MD5e2182948f1cf59e7cfb90b732a36690f
SHA135ff1cb9d65f82ce79ad83d59f0b901393914944
SHA25647383267b30f7ae0e4667aead18f43c1d7a5c86612ee285932871232b301f9d2
SHA512ec8f3cb04df4429cfed1b33dad09590309cf561c75ee8613476808f3fa81c8d440aa9a9ec02672d161d4ddb446b8ae37d5b42a75b61eabcb9103af802102bb29
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize8KB
MD50d2b7c7f8993a11a3495c9654ffc282b
SHA1f78c05bde4892203ec4694540ed336c2e2982231
SHA25605ccb0268f6bc9874e55f21ba74819523fdb96ce668485cc47e828617cd925e4
SHA512bffb1445acdfe27d199bf49adc770dcb3eeb163d20327cf5c3b03d2e700fe2ebc9f7ef1a85623e575fb962bbd0465d71bd55efe6320b1f661fbaf2be967eb553
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize8KB
MD57736ccfc96e3c7312ea36f20a61d7b91
SHA1a7d6f309ce87bb3d603925b185df853df78724d8
SHA2563f7f71a12b092f9b16b7a360eda123fd626b1cae3614849a6646eef65dd985fb
SHA512837eed966931a12d9cadc3bc472aa51065a6c4aa51ca422e35fad6261880a07ea44c2324eac1ec1a3f944504ba5586bf6723bfcac6cd3aab4a0383eab4240380
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize840B
MD5ef4f425cecdcc2ff01131f17abc2ff4f
SHA1beb2b56dd195a5e27bbe2b9d75fc16313733ada8
SHA256a4e82abcb13e6b47b9307b7be9752948b5d3c383890206f198352d4d61a5acd9
SHA5121594fa98f4b35429c8f6d97afdd68e3a5a91e0d27fe6150093916ee0eb52be2411839956ca894c3ad6545f56830b6b53bcb0559a97ddd5e4bdd10c5775aedd6d
-
Filesize
537B
MD5cb3f345459567182047a7237327bb8af
SHA1bebf8b3601aec65062b69c1d505d4df958d2ddab
SHA2562d572bd1d0dd95608a4f2f49bfca5578931c1afc34b9872e1851930918d0e22a
SHA51291ddea591dc3a843cd5c14d75d4c2141bd405e27b234789a20c6e523ca71ee72eb33f6d3709e1facb5a6f8781ae95df6267494dfb7e94e12d7948d8295485196
-
Filesize
19KB
MD56a7e3a588331936c817c8d087d313bff
SHA12bde719d322265923e36069f39496912a115c857
SHA256fd7251dc7b8b835105ced3556dd85ae8f52e91a33387cf084e9dacbd144d02a4
SHA5122cd82db184239152f3a1f33cdd019467dbac19ca8415610b18d22e295146dd8e481c28ca1df5e5522727cb8fc2cc7e8928c555f14a09b076130439fda2958f86
-
Filesize
18KB
MD5f41564df7b2c8a8946d807e6cbe925e5
SHA103c39aa0077dbf73eb7c1b7a69cb042859011004
SHA256a0e46704ef8521f262893d81eb97174705410e90b41949d1579f4a8746f6aec1
SHA51293ab1c1f72fbca86d47bbf4e8a27371095a544a20023f18903da504bf6f05e094f9615dedb916786cc7e34d757355aac18e98b1165b8dae7b34acb7a1148085f
-
Filesize
6KB
MD556641e542d70a03e2bb087b6e6de538d
SHA14c06c0a2304625bf440e2c576f10aeb11ef25bc2
SHA256e958ce50360d292d94acad244f2b462366e45bf7490dfd79c189ffebb5ec34bd
SHA512bdcd56da83f0d947e875f0f9451023a5610d841ff62a16a7929d7d0ca594277ccde42d78cad824a24fcd5cc797efd54650122b6163a0f1d6c22abe515462ec34
-
Filesize
5KB
MD5134328d6e77366fe721682115faa9296
SHA1184f31acba1ab62da5f6514d68c4215441b572d8
SHA256d2313d0608db49a7a4b70a7a73aa5d200c75fd8743de6a982f729b0c6c5a33b3
SHA51266778e48da0b3b439008a2a1b20d98548770f0b72d4824f1cbac49cfe85be5a93f2031f6e9c63fca22025eb3c7ec1b0caca167fa09d342452c6ace166a520863
-
Filesize
15KB
MD5cdecb27a5c08d7b5e9e9958b1351e6c9
SHA11a520afea95af8087959e28ca8190d49e2fe2552
SHA256a8b96991024e2e7dda3f2d9251dcffa67e777b67fed1993c3cdc7502dcd0fe4c
SHA512389080a284e8f7954547758e5b5e498529e1e63258aabf3bb64a5490637ddd3d097a6b190592e48ec85e416be9ed222d78682009d269e4de141e75d55108e761
-
Filesize
19KB
MD50e6f2aded60672fd91ef5c5db93fa9c9
SHA1ae2ea149adba18a2ed4a2ce8cbf3828102f3a897
SHA25686999d53cd0b8a8e0831c8f680e6784d517d0a550c757ff9072bf9263e89d8a7
SHA5122f63d58bac8d5da1f536375881af5ebdd0e400a25bccaf8fa98cba29a8616907629ee301746553a1e40c9ccc126ab151b77a0621cdcc755eea9e4bce1f76359e
-
Filesize
6KB
MD5a00ffa973eabda4cef9e9e18bdfd7c57
SHA1f7b87f9f474643466f71a1cab2345405b7de51b2
SHA256eb4167d0273ccc79776cc1af76843f2477bf8cf7ec03303c229c7b2ef9767a20
SHA51250c23de3aa218d36990e799ef706f0f5ad45115c39cfa893c36fe98160ea8d0e6a5056d11025ba01a2de8f14b52d6232bd6becf8881b468a84099c58bb964e18
-
Filesize
7KB
MD56e209122a19f66252d0f11abe024e428
SHA12aeab1f115bc0c0e4437f5815bc5eb04b7d29684
SHA256b3c7ffb997b93935a32c7ab729ecd6937f6699782365f9c2289c7ab25dfd6743
SHA5120949ec47c9b24ffabe55a8553b8396d9e1a06e56a968cbe7a730db9995aecedff0c891d6667fa7763ea4d9a4c7911f529e7e1534e37619bf6ac62f540eb66d0f
-
Filesize
370B
MD5a52a6ad968c017f929b690b34f1efee4
SHA10b0c8c431b43ba3c39b19529211ea97afa92e9dd
SHA2561d4748ecd2f18ae5396165c15b889b85f61977a7c673f71432f5c53ec97f02d3
SHA5121560c4279d10839f54c6615c2ff25981fff23ffee4cb65ff4c0236abd0a8735960c0621fed5ae05d2c0e80d6b9ec146c05647a1d42790d3b3e6bc05ffc10e7b2
-
Filesize
1KB
MD53c488c945e6270fc0093c972e9898cc9
SHA17758606950a846a2f0b0a6e8b0cd7574fad59b3e
SHA256375a7874542cadeede7016eb10eebcf56b407b69f5f6ba27181011dd4e1cd4f5
SHA512ac8aa4fa571bf407e9a0ad6bab51d2f9b1f36bc87564a6fe2afa26db7d2905a0cb032786d0b9b1ecdb10227979d42834d2934340139d24d18a2978e00489b789
-
Filesize
4KB
MD5c5168bc754c12097b2010766560b26e9
SHA195d0af34d80a706e01b4a5afb8ba69550e2b7b0a
SHA2564454ba9e5c1a25989bc6bca8b7ec2c961cf1f14ae7020b8cc1920daef84251de
SHA5127828205ab0bf89f08f0455282917baa1060f8c7064f9e528cbfc386436abd808e0ed542d46b5c6bd11b10d1f194a0d1ca785d8bd68966505c8d20d678769b8b1
-
Filesize
6KB
MD579da91cfca96f7f39b3bd6c133cf05f2
SHA1ec1cce011a8db6d9bb2314ddd5455cbc6ed9bb67
SHA256a11e2f4543cda9e2d4dded879145faa9790ebf4a831082053351e78b2d621b9b
SHA51263c84e74e5e914ad206d32521c0e806435203c5f7bab63584831b5673937b28547c1d2bfc3212114459f9b2a905a39760afbb510c1bae569102516153ea95900
-
Filesize
7KB
MD521798fd14b3f4edce4dbade048e5ed87
SHA10080f1321c240dccbce1f616315d2e03462c0916
SHA25666116deadb9b0c5e87aed0c27b462069c8e502364dabe16707b5ce16d7c4ee0d
SHA5122c3194510bdf2e3a70ca3ed7f1f74615c06cd8a14647b6f2b372b3e9ef879ba32f0f128758e4684c0080668efdb364b0d0cba5c2ed0be68d76e6f529b223efcf
-
Filesize
7KB
MD535c728f522906e49b16a9a651a2ed550
SHA11a0d4deb0a3093acf6e353528fcfa05f1faf5db6
SHA25624a034f85320e916d218188762437c791a270b431b1d4eb29cf9bba150e24314
SHA5127416b6fdc684d0cb9860abc6d39e4ed26cff6f82625b03f1b96b309e8a61701f973e6f4b122577f6f6148dd7da75dbd588c199bde114d3909bb3a24db53e9f52
-
Filesize
370B
MD5816849bc354904bd936d000c1d16a11e
SHA16f24a66940fcb2b2daba7056db448608ac5130d0
SHA256efc638a955c296b9dcc37ff0d68332ac2e8b4465db5e7f9c37d99ba0ce155753
SHA512614fe852399dd3fe3c2ac18371aeb9b1776fc0f1f4f75e3b96f9236c78d79427c4930c317803787c48e3254b25a62a0435de746e5b070fe240920cb12b7c593b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5437576138ec218433b5d7f6ab8debcc5
SHA1ed33bafd0fa815ca8489a9dbce7034effe324c76
SHA256b77be78b210e6f9203d8ab373e9c4de3e97db7feda116c259ba9976d479897c1
SHA51218ffeb8359e60a95da869a59c7a0b6a3848e09475796a0ef4f7aef0ca5476cb62776e6f51738994321f450590037d985ebc5e6b9fde209592a0c03a84ebd2ece
-
Filesize
11KB
MD533a97bcd8f6b49817c6677cb0106ee78
SHA1f271ea093cf2f2743a03a38354bdd2366f40f6ff
SHA256240b8b828da107f7954e59e63ee0f8bf42d2d41ae21f82ee7e99df262265ffa5
SHA512171cce9a08d5a562d15a339c827be3c4c2394f1f9cf8c5dc266e1dfa77ae28496fc857651c9411c30ec41a3e2335e9537073d13ad0022ea0423fa7e54ca12ca3
-
Filesize
11KB
MD5f8c2dd35de8f9d4b35bac1e520b42e92
SHA19672e5092369da056ac532181f3d427473b725fe
SHA256a992571248dfc87807ac705705c119b31897e9ef212a5fd1d99360b339d1a65f
SHA512cda1fdbaabccbc7896bbee97e16a3f661668aeb0c522a1c4450fdfe85ad68876e6d9c8fcbb73d6005fb98c89a81bd7c1056e4955f836b57b34cf32dbdcf647d1
-
Filesize
11KB
MD518ac9fe94e6e1654fb1e4c9f823dfa21
SHA15492492cfceed208c813f96db04915405f3b05f5
SHA25681b27c447db746fa9c109683ffeccc4155a47d35720fff805e3035534babda2b
SHA512afcb83df7db943ef59241e3e7129adbb30c3c0da085cb8dcf03e8637b6d11d7e58261d5c3e84df21049551123f3cea224f54a5ddc1549313eee6999f753d0d0d
-
Filesize
11KB
MD58aaa06008fe3035fd2bfe305d0be036c
SHA17ec0f9afd3d1dcf48b242b41be881bba14aa1bd9
SHA256aa1bcfd92a82dd1996f23ebf463917a1a7be3d1030570776040743ca0ea6b8fd
SHA512a5f3a9aa0892ec421a950c8641a9a080fe94c373e518ab15d3d474ec9154352fcc472394341c5259f40831420230d75e39917a1d5e254e5f5bbc19fce3feff34
-
Filesize
28.0MB
MD558b8915d4281db10762af30eaf315c9e
SHA11e8b10818226fa29bfa5cdd8c2595ba080b72a71
SHA256c19df49f177f0fecf2d406ef7801a8d0e5641cb8a38b7b859cbf118cb5d0684e
SHA51249247941a77f26ab599f948c66df21b6439e86d08652caa9b52ffbcefd80a8c685d75c8088361c98dde44936e44746c961f1828a5b9909fecd6ce9e7e6d2f794
-
Filesize
67KB
MD57d5d3e2fcfa5ff53f5ae075ed4327b18
SHA13905104d8f7ba88b3b34f4997f3948b3183953f6
SHA256e1fb95609f2757ce74cb531a5cf59674e411ea0a262b758371d7236c191910c4
SHA512e67683331bb32ea4b2c38405be7f516db6935f883a1e4ae02a1700f5f36462c31b593e07c6fe06d8c0cb1c20c9f40a507c9eae245667c89f989e32765a89f589
-
Filesize
1.9MB
MD56676518e445c141dd44bed41dd13ad5d
SHA1aa456e451146f8402dc636506d4815c348a2de0b
SHA256c8ecf7d20fac0de8a1f4e4dc7c58f23f3bef0975a1dc1837a40dad52d95a043f
SHA512df76db899cccf175b36090380c441a1d61912d40c47ad64641a6f78a29d16c055c864999f5f0eb3fc6901f3ba3a95023fd4886e7e1a22c54e9150d85f08303fc
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin
Filesize7KB
MD5717b171ac4b24be167573f359e166224
SHA163d9fe7034a8265d2daf84b6ae5e84b00d76e8f4
SHA256d8b24d6d34d7743a1de7e28954f6aab3e8a10197bb055f49beec84e0df8dd689
SHA512a9d5be9feb8fc5528ecffde87185fa00cd77d8f5990ff95bc2fbe7d253dbabc3871677a9edc63a544d1731dd63de5fada42a5cf695553ad9f6adc8bc3c85e936
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5e1f3fa1073849de1110e4ea78c3dc9db
SHA1a0cdc9152dd5daacea9b12075bf394eff4cad68f
SHA256c5039e6da1f4a36952c7af944ffce544a786d0c69ba9f442d28581c73e087b34
SHA5125d997bc1683930908937524494c3dd9bdd74b95c86ee193591049cbf618df8e869ec5e11d7a775263a0c43bd2afe059ab7924645b6ac22aba2ff06cad6467ad3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD510fc86c40968dfb0ee01735790276280
SHA18139bbc4e88058541296aad5e16adcb5736dce0b
SHA256588b1347cf5d06b6da2d69a17d8aeda0be2c1c83a5383e420f1ac48e366593af
SHA512f5cdb71b19aea63f6f66149cf68cf5c12b37ee19dcf574120a5d5f7c59fccb722eb21566519b67a21ab6c8e6a52f08253f52d27bb8ceb3eb193c8f5fab3a3b61
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\70f3183d-e228-4400-a9be-f3c4231219cb
Filesize26KB
MD5e0bd5c399034c0ae170c0f6108e9003e
SHA1950cfc46724007321030a816d04b8e1663d9121e
SHA256d58fe7aa07e7ec6eddd705c57f0087fc335b9b55352f8aee73a6b804c238cc10
SHA512c28d4ccc90999c0f3a5df0672a8e9bda2aa77d3f112d2508f4103cdd5006d9d0be0f12bd458cf77e4bff0248a4308b000951f331d1f397320fb2e020de092bbe
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\bef668cb-83cb-4b04-951b-5721e978cb12
Filesize982B
MD533cbf7f1a63b179fa75f256f75e56c96
SHA1686c2811247c66e37af03c7cef33c54bbba7a3b3
SHA25643eb39b24ec8331c482ad2aa7c785e63af1f176c15202bf363e7a625b422782b
SHA5123df780ae9a70d1ab4b1433dcb9272099bb9656dae6e907f720bdd0283c28c89a52ae8f24e4a77157f6d5eb0ecb3c45b2f47b5768534fd4ed5657c70c5de0d39c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\d9a7f902-6c6d-48ab-873e-4764facb013b
Filesize671B
MD5f1017f69d25bddb3434d59913a013846
SHA10f9bd03a84f02a0fab8536e5733216af56a0cb9d
SHA256c5ab1657474e1bcbc166a6c9a547667a3827488b2aa688fae4b53404269b23a1
SHA5128315f26a74390faddea09eea12d876b66468f3eccbef670dbb317ced9adf0267a2504735c55e29798372aecebfe3d2c541c27e4038ee10ffc341007077b3759c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize1.1MB
MD5842039753bf41fa5e11b3a1383061a87
SHA13e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153
SHA256d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c
SHA512d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize116B
MD52a461e9eb87fd1955cea740a3444ee7a
SHA1b10755914c713f5a4677494dbe8a686ed458c3c5
SHA2564107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc
SHA51234f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize372B
MD5bf957ad58b55f64219ab3f793e374316
SHA1a11adc9d7f2c28e04d9b35e23b7616d0527118a1
SHA256bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda
SHA51279c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize17.8MB
MD5daf7ef3acccab478aaa7d6dc1c60f865
SHA1f8246162b97ce4a945feced27b6ea114366ff2ad
SHA256bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e
SHA5125840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75
-
Filesize
9KB
MD53454b7fc1e021c13b64b2dee477604ff
SHA1235fca524bb2f5e339d05c93213e3cf656a778a1
SHA256b5fe14994d89ded6ed6acf395d8ca2e8bab905de8719de7ec5ec9fc417ef8c62
SHA5123125bd82c329570dc3e14c2193a78debb03b911389cb1fc3dc73da366c595f14f35e634b697e39b09820210a9c8a91be3fe8070d5943b64fedd3fd711643f900
-
Filesize
8KB
MD5d0275884f33890e967eb684fc7960a14
SHA1ddfada4c749be8cdff3fe4ae3680a9454b8f3f50
SHA256ec1fc36fcb008325aac4e95eae20110bcde5ac957129fd9d2ba765537dc8c872
SHA51283ee2f05754de1588d002b180bab51a68dedb55c95aed5b5763b98a12957af53c128d4193b2ea0fbb8c79e22b6d0f3cd2b5735f12da6bb5a58ac99db71bd525e
-
Filesize
9KB
MD5313e27b50af01aae74699c3471da9f8e
SHA16de2ca8b2f3b46ffdab2e2a8e21fe57f8e8e6944
SHA25693588f2bbceefe2c53e81f36ec16a8161065d30cd323e2b9da53f7edc0b391e4
SHA5125a25d0fb340167d776575bb6c8c35ad3cd014d475559b22fa76ec1e091901e5e6edcfaebc9da68ee3f49b462c35e962bcc61a27b3bd48a499b8a2d1249cbdc94
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
Filesize3KB
MD582a2e849ac0ab08c0f7bae7e0a8784aa
SHA1b821300ff75be3ffca0fea9c2797f03b8247a65c
SHA256cf9569f04762d16e1acc8df603ce82e87b8d8e0285d9eb39f2c4ce12a9981eaa
SHA512af9733847327ade6d8687ad9a51c406dde077d9a766eff432ad72bddc69213cfc53fe43fac49ee9bb55608591c96fd31b9747ee6698f468bc28bd96d1d57436b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
Filesize4KB
MD5cb5be7a7f610633cdfe6f0511244aa4f
SHA155484fd2a8158713cae4629af0291e4b9f0e9805
SHA25652b6ef881c8fc307ba234113175370dd61c028e63612adb02e2b1326f40a2702
SHA5125de30f1179f645af75b02125f60c60c6ac53fc93a28ca4efe476da14fafda1fd590ba3d5d0d5fa4a7f3e062c271c9374e49d97623e9f627380e8c8b4982ed1c8
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
Filesize4KB
MD50ac3a56b9cf13f404bbd4fec6655b0aa
SHA119a00bf477f7e534c401c0df552cdc4f585e379b
SHA25605ee5dfd36429e2df20789577cb24c2727cffc6369365586b5cbd801a4e8dc0d
SHA5124e9e96b52baf7a23a2a1d65724f56ab6a17c6498344c57cd9fd13e016357c44274b9292189af3afeeb10e4545b8da685ff38f4589954705f8958b58d0b6b0128
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4
Filesize6KB
MD5d08ff51f097136b03d37e08458b8d973
SHA1c6f968ae076423211b0514bea6fa3a1f17625bea
SHA256d57eb61ebbb383ef24d0015e4277b409e320db30b92c0b65f72f15691e66c451
SHA512f58a51b139369d37016892e79402f48e184cb4d4aa4080789b2d4e19af236cf6befbd8d7d43e0e05dc7678bb284e185117dcf954076d6ed75808ad787c625b85
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize200KB
MD525e4300c801bfbb00dae8ba999e0d755
SHA106700161a74442f11b6b0950118dd670cdef8f44
SHA2565292592931a8ccf65291aaee6db2f9ed380219dcb864f297df87cdd8c7668f90
SHA5128cad74782f2e338bf1ba5dc907c4a031e86728d4d54d8efd6e3516c2c95b8b3ea5aea2c2b30e38447256dffe3038e7e5a119793f4d62281d9e719f1ff9775a36
-
Filesize
5.4MB
MD5cfefb36838560b726b44c5eb64bc55f6
SHA128b9646a5d6e9aecf4b6cdf6bb97fe30f18900f3
SHA256eb02f21fab1f3bd916d086a5129c7d9aa39027cab9b61e93866e0bfb0724d85a
SHA512732173841815647fe8d3fa758669afebcf9e754c93ed1722b4d4119d04f6a5297ca6177ee1c777b3302ff6f72a810a037b2d344c66ba6086af791ed8a50c9519
-
Filesize
148B
MD540cf653374691fda80428fd3e053b02e
SHA1ade26f417c4cd5ff44cfdc684db48a850a57b840
SHA2562bffa360b610bbeae2ca6479218a4955c6830b191352845f48eb566bbe4578e6
SHA512bf610c3d7f8aa328a08bab69bb2d96dcebba3b030eb09309999b15c15d72ec1d0e83f2e00f9e090f5cd514ae4f020262d145864d569c35e395fd2bdd7b68e444
-
Filesize
3.3MB
MD53470dad8219537a4b4d9f1ff73436893
SHA1fc5ba88ce9719ad6ba6febbaab971801cd625933
SHA2561f5cc5c2211c48f57acf7d4113a487fbbd74a423303102821c913139d7ff782a
SHA5122cf931cf203650781ca27051cf58b61a26700cb492086ce04a8680a49126b63276c77241d5d3f31a8a948edf56e0accec57c78e620200d310af48fa076d33c94