Analysis

  • max time kernel
    26s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-06-2024 20:09

General

  • Target

    19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe

  • Size

    2.5MB

  • MD5

    764f4baced7ef6823e658d10cf71b392

  • SHA1

    e8c24ea84679d6cf8ed4dd1dff934edecd63fb81

  • SHA256

    19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d

  • SHA512

    174a27d27e358f4e9c1f6f82e694e1ed86857e7abb34a1f4ad964cc3990f6267f91ff7ea5ca4469b0ac6956f43de652a176194244f3d801789e778fbae2b4e85

  • SSDEEP

    49152:6Hyjtk2MYC5GDIHyjtk2MYC5GDhEh5Cenun9:6mtk2aZmtk2aiQCenun9

Malware Config

Signatures

  • Detect Neshta payload 45 IoCs
  • Neshta

    Malware from the Neshta family is a file infector: it inserts itself into other files in order to spread and cause damage.

  • Checks computer location settings 2 TTPs 13 IoCs

    Looks up the country code configured in the registry, likely for geofencing.

  • Executes dropped EXE 19 IoCs
  • Loads dropped DLL 8 IoCs
  • Modifies system executable filetype association 2 TTPs 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 9 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies registry class 13 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious use of AdjustPrivilegeToken 22 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 57 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
    "C:\Users\Admin\AppData\Local\Temp\19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe"
    1⤵
    • Checks computer location settings
    • Modifies system executable filetype association
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Users\Admin\AppData\Local\Temp\3582-490\19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
      "C:\Users\Admin\AppData\Local\Temp\3582-490\19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4072
      • C:\Users\Admin\AppData\Local\Temp\._cache_19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Windows\svchost.com
          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE"
          4⤵
          • Executes dropped EXE
          • Drops file in Windows directory
          • Suspicious use of WriteProcessMemory
          PID:856
          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~1.EXE
            5⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:4228
            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE"
              6⤵
              • Executes dropped EXE
              PID:732
      • C:\ProgramData\Synaptics\Synaptics.exe
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:232
        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
          4⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops file in Windows directory
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:3700
          • C:\Windows\svchost.com
            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
            5⤵
            • Executes dropped EXE
            • Drops file in Windows directory
            • Suspicious use of WriteProcessMemory
            PID:4084
            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
              6⤵
              • Checks computer location settings
              • Executes dropped EXE
              • Adds Run key to start application
              • Modifies registry class
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:3576
              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                7⤵
                • Executes dropped EXE
                PID:2908
              • C:\ProgramData\Synaptics\Synaptics.exe
                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                7⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Loads dropped DLL
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:4228
                • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                  8⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  • Drops file in Windows directory
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:4016
                  • C:\Windows\svchost.com
                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                    9⤵
                    • Executes dropped EXE
                    • Drops file in Windows directory
                    • Suspicious use of WriteProcessMemory
                    PID:2200
                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                      10⤵
                      • Checks computer location settings
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Adds Run key to start application
                      • Modifies registry class
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of WriteProcessMemory
                      PID:4612
                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                        11⤵
                        • Executes dropped EXE
                        PID:2440
                      • C:\ProgramData\Synaptics\Synaptics.exe
                        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                        11⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Modifies registry class
                        • Suspicious use of WriteProcessMemory
                        PID:3792
                        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                          12⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Drops file in Windows directory
                          • Modifies registry class
                          • Suspicious use of WriteProcessMemory
                          PID:3576
                          • C:\Windows\svchost.com
                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                            13⤵
                            • Executes dropped EXE
                            • Drops file in Windows directory
                            • Suspicious use of WriteProcessMemory
                            PID:4084
                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                              14⤵
                              • Checks computer location settings
                              • Executes dropped EXE
                              • Loads dropped DLL
                              • Modifies registry class
                              PID:4668
                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                15⤵
                                  PID:5100
                                • C:\ProgramData\Synaptics\Synaptics.exe
                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                  15⤵
                                    PID:2192
                                    • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                      "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                      16⤵
                                        PID:552
                                        • C:\Windows\svchost.com
                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                          17⤵
                                            PID:3744
                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                              18⤵
                                                PID:3516
                                                • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                  "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                  19⤵
                                                    PID:4228
                                                  • C:\ProgramData\Synaptics\Synaptics.exe
                                                    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                    19⤵
                                                      PID:5100
                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                        20⤵
                                                          PID:5096
                                                          • C:\Windows\svchost.com
                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                            21⤵
                                                              PID:3012
                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                22⤵
                                                                  PID:5076
                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                    23⤵
                                                                      PID:4972
                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                      23⤵
                                                                        PID:4628
                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                          24⤵
                                                                            PID:2440
                                                                            • C:\Windows\svchost.com
                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                              25⤵
                                                                                PID:448
                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                  26⤵
                                                                                    PID:2876
                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                      27⤵
                                                                                        PID:5052
                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                        27⤵
                                                                                          PID:5180
                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                            28⤵
                                                                                              PID:5264
                                                                                              • C:\Windows\svchost.com
                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                29⤵
                                                                                                  PID:5416
                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                    30⤵
                                                                                                      PID:5476
                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                        31⤵
                                                                                                          PID:5644
                                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                          31⤵
                                                                                                            PID:5936
                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                              32⤵
                                                                                                                PID:6040
                                                                                                                • C:\Windows\svchost.com
                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                  33⤵
                                                                                                                    PID:4980
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                      34⤵
                                                                                                                        PID:4556
                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                          35⤵
                                                                                                                            PID:5176
                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                            35⤵
                                                                                                                              PID:5536
                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                36⤵
                                                                                                                                  PID:5692
                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                    37⤵
                                                                                                                                      PID:5820
                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                        38⤵
                                                                                                                                          PID:5880
                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                            39⤵
                                                                                                                                              PID:5960
                                                                                                                                            • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                              "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                              39⤵
                                                                                                                                                PID:5648
                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                  40⤵
                                                                                                                                                    PID:5328
                                                                                                                                                    • C:\Windows\svchost.com
                                                                                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                      41⤵
                                                                                                                                                        PID:5260
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                          42⤵
                                                                                                                                                            PID:5616
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                              43⤵
                                                                                                                                                                PID:5748
                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                43⤵
                                                                                                                                                                  PID:4980
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                    44⤵
                                                                                                                                                                      PID:4036
                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                        45⤵
                                                                                                                                                                          PID:448
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                            46⤵
                                                                                                                                                                              PID:5572
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                47⤵
                                                                                                                                                                                  PID:4564
                                                                                                                                                                                • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                  47⤵
                                                                                                                                                                                    PID:5996
                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                      48⤵
                                                                                                                                                                                        PID:6088
                                                                                                                                                                                        • C:\Windows\svchost.com
                                                                                                                                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                          49⤵
                                                                                                                                                                                            PID:5352
                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                              50⤵
                                                                                                                                                                                                PID:5504
                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                  51⤵
                                                                                                                                                                                                    PID:1624
                                                                                                                                                                                                  • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                    51⤵
                                                                                                                                                                                                      PID:5212
                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                        52⤵
                                                                                                                                                                                                          PID:5588
                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                            53⤵
                                                                                                                                                                                                              PID:6104
                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                54⤵
                                                                                                                                                                                                                  PID:864
                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                    55⤵
                                                                                                                                                                                                                      PID:6120
                                                                                                                                                                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                      55⤵
                                                                                                                                                                                                                        PID:4804
                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                          56⤵
                                                                                                                                                                                                                            PID:5980
                                                                                                                                                                                                                            • C:\Windows\svchost.com
                                                                                                                                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                              57⤵
                                                                                                                                                                                                                                PID:5976
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                  58⤵
                                                                                                                                                                                                                                    PID:5768
                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                      59⤵
                                                                                                                                                                                                                                        PID:2972
                                                                                                                                                                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                        59⤵
                                                                                                                                                                                                                                          PID:3800
                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                            60⤵
                                                                                                                                                                                                                                              PID:2028
                                                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                61⤵
                                                                                                                                                                                                                                                  PID:3908
                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                    62⤵
                                                                                                                                                                                                                                                      PID:5616
                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                        63⤵
                                                                                                                                                                                                                                                          PID:1096
                                                                                                                                                                                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                          63⤵
                                                                                                                                                                                                                                                            PID:2436
                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                              64⤵
                                                                                                                                                                                                                                                                PID:5980
                                                                                                                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                  65⤵
                                                                                                                                                                                                                                                                    PID:5012
                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                      66⤵
                                                                                                                                                                                                                                                                        PID:5616
                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                          67⤵
                                                                                                                                                                                                                                                                            PID:5376
                                                                                                                                                                                                                                                                          • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                            "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                            67⤵
                                                                                                                                                                                                                                                                              PID:6388
                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                68⤵
                                                                                                                                                                                                                                                                                  PID:6520
                                                                                                                                                                                                                                                                                  • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                    "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                    69⤵
                                                                                                                                                                                                                                                                                      PID:6700
                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                        70⤵
                                                                                                                                                                                                                                                                                          PID:6752
                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                            71⤵
                                                                                                                                                                                                                                                                                              PID:6844
                                                                                                                                                                                                                                                                                            • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                              "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                              71⤵
                                                                                                                                                                                                                                                                                                PID:7160
                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                  72⤵
                                                                                                                                                                                                                                                                                                    PID:6236
                                                                                                                                                                                                                                                                                                    • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                      "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                      73⤵
                                                                                                                                                                                                                                                                                                        PID:6284
                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                          74⤵
                                                                                                                                                                                                                                                                                                            PID:6384
                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                              75⤵
                                                                                                                                                                                                                                                                                                                PID:6592
                                                                                                                                                                                                                                                                                                              • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                75⤵
                                                                                                                                                                                                                                                                                                                  PID:6936
                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                    76⤵
                                                                                                                                                                                                                                                                                                                      PID:6108
                                                                                                                                                                                                                                                                                                                      • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                        "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                        77⤵
                                                                                                                                                                                                                                                                                                                          PID:6376
                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                            78⤵
                                                                                                                                                                                                                                                                                                                              PID:5800
                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                79⤵
                                                                                                                                                                                                                                                                                                                                  PID:6968
                                                                                                                                                                                                                                                                                                                                • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                                  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                  79⤵
                                                                                                                                                                                                                                                                                                                                    PID:5568
                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                      80⤵
                                                                                                                                                                                                                                                                                                                                        PID:6964
                                                                                                                                                                                                                                                                                                                                        • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                          "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                          81⤵
                                                                                                                                                                                                                                                                                                                                            PID:6900
                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                              C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                              82⤵
                                                                                                                                                                                                                                                                                                                                                PID:6952
                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                  83⤵
                                                                                                                                                                                                                                                                                                                                                    PID:4564
                                                                                                                                                                                                                                                                                                                                                  • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                    "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                    83⤵
                                                                                                                                                                                                                                                                                                                                                      PID:5232
                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                        84⤵
                                                                                                                                                                                                                                                                                                                                                          PID:7056
                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                            85⤵
                                                                                                                                                                                                                                                                                                                                                              PID:5668
                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                                                86⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:2348
                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                    87⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:7012
                                                                                                                                                                                                                                                                                                                                                                    • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                      87⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:1592
                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                          88⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:5912
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                              89⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:4036
                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                  90⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:5652
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                      91⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:6164
                                                                                                                                                                                                                                                                                                                                                                                      • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                        91⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:3592
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                            92⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:5644
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                93⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:2412
                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                    94⤵
                                                                                                                                                                                                                                                                                                                                                                                                      PID:6704
                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                        95⤵
                                                                                                                                                                                                                                                                                                                                                                                                          PID:2412
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                          95⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:7380
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                              96⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:7464
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\svchost.com
                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\svchost.com" "C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                                  97⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:7604
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Users\Admin\AppData\Local\Temp\3582-490\_CACHE~2.EXE InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                                      98⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:7644
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE
                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~2.EXE" InjUpdate
                                                                                                                                                                                                                                                                                                                                                                                                                          99⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:7792
                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                        • Suspicious behavior: AddClipboardFormatListener
                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                        PID:464
                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                        PID:3796
                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                                                        PID:3120
                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                          PID:1936
                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                            PID:2032
                                                                                                                                                                                                                          • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                            "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                              PID:1168
                                                                                                                                                                                                                            • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                              "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                PID:5276
                                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3700 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8
                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                  PID:6004
                                                                                                                                                                                                                                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                    PID:6056
                                                                                                                                                                                                                                  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                      PID:5688
                                                                                                                                                                                                                                    • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                      "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                        PID:5288
                                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                          PID:5476
                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                            PID:6040
                                                                                                                                                                                                                                          • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                            "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                              PID:5260
                                                                                                                                                                                                                                            • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                              "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                PID:872
                                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                  PID:232
                                                                                                                                                                                                                                                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                    PID:5284
                                                                                                                                                                                                                                                  • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                    "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                                                                      PID:6540
                                                                                                                                                                                                                                                    • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                      "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                                                                        PID:6148
                                                                                                                                                                                                                                                      • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                        "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                                                                          PID:2220
                                                                                                                                                                                                                                                        • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                          "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                                                                            PID:7048
                                                                                                                                                                                                                                                          • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                            "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                            1⤵
                                                                                                                                                                                                                                                              PID:6900
                                                                                                                                                                                                                                                            • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                              "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                              1⤵
                                                                                                                                                                                                                                                                PID:6800
                                                                                                                                                                                                                                                              • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                                "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                                1⤵
                                                                                                                                                                                                                                                                  PID:5008
                                                                                                                                                                                                                                                                • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                                                                                                                                                                                                                                                                  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                                                                                    PID:7480

                                                                                                                                                                                                                                                                  Network

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
  • Event Triggered Execution (T1546): 1
    • Change Default File Association (T1546.001): 1
  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation
  • Event Triggered Execution (T1546): 1
    • Change Default File Association (T1546.001): 1
  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion
  • Modify Registry (T1112): 2

Credential Access
  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery
  • Query Registry (T1012): 3
  • System Information Discovery (T1082): 4

Collection
  • Data from Local System (T1005): 1

                                                                                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    175KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    454KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.2MB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\java.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    325KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\COMMON~1\Oracle\Java\JAVAPA~1\javaws.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    546KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\COMMON~1\Oracle\Java\javapath\javaw.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    325KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    230KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    207KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    265KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~4.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    439KB

                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.17\MICROS~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    242KB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EDGEUP~1\13185~1.17\MICROS~4.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    264KB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\BHO\IE_TO_~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    555KB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\COOKIE~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    157KB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\ELEVAT~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.7MB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\MSEDGE~2.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.2MB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\MSEDGE~3.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.6MB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\NOTIFI~1.EXE
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\EdgeCore\122023~1.52\msedge.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    3.9MB


                                                                                                                                                                                                                                                                  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\122023~1.52\INSTAL~1\setup.exe
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    6.8MB


  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\122023~1.52\identity_helper.exe
    Filesize

    1.2MB

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\122023~1.52\msedgewebview2.exe
    Filesize

    3.5MB

  • C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\122023~1.52\pwahelper.exe
    Filesize

    1.2MB

  • C:\ProgramData\Synaptics\RCX1519.tmp
    Filesize

    1.1MB

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\71274F68-5B29-4D28-BB3B-689642AEF5A6
    Filesize

    167KB

  • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres
    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Temp\._cache_19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
    Filesize

    1.4MB

  • C:\Users\Admin\AppData\Local\Temp\._cache__CACHE~1.EXE
    Filesize

    266KB

  • C:\Users\Admin\AppData\Local\Temp\3582-490\._cache_19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
    Filesize

    1.3MB

  • C:\Users\Admin\AppData\Local\Temp\3582-490\19080603ce869f54525b8740d18dca57ee1cbc2ee4d52a4a17d1ec4963047b9d.exe
    Filesize

    2.5MB

  • C:\Users\Admin\AppData\Local\Temp\lBtUbPTN.xlsm
    Filesize

    17KB


  • C:\Windows\directx.sys

  • C:\Windows\directx.sys
    Filesize

    57B


  • C:\Windows\svchost.com
    Filesize

    40KB


  • C:\odt\OFFICE~1.EXE
    Filesize

    5.1MB


                                                                                                                                                                                                                                                                  • memory/2192-742-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/2200-444-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/2572-741-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/2572-608-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3012-831-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3120-624-0x00007FF962170000-0x00007FF962180000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                                                                  • memory/3120-613-0x00007FF962170000-0x00007FF962180000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                                                                  • memory/3516-808-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/3576-410-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/3576-633-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3580-607-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3580-832-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3580-414-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3700-245-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3744-740-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/3792-651-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/3796-441-0x00007FF962170000-0x00007FF962180000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                                                                  • memory/3796-445-0x00007FF962170000-0x00007FF962180000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    64KB

                                                                                                                                                                                                                                                                  • memory/4016-431-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/4072-13-0x0000000002410000-0x0000000002411000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    4KB

                                                                                                                                                                                                                                                                  • memory/4072-133-0x0000000000400000-0x0000000000680000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    2.5MB

                                                                                                                                                                                                                                                                  • memory/4084-257-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/4084-639-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/4228-481-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/4228-227-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/4612-591-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/4668-717-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/5076-899-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB

                                                                                                                                                                                                                                                                  • memory/5096-830-0x0000000000400000-0x000000000041B000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    108KB

                                                                                                                                                                                                                                                                  • memory/5100-833-0x0000000000400000-0x000000000055F000-memory.dmp
                                                                                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                                                                                    1.4MB