Analysis Overview
SHA256
a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939
Threat Level: Known bad
The file a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939 was found to be: Known bad.
Malicious Activity Summary
Vidar
Vidar family
Detect Vidar Stealer
Downloads MZ/PE file
Uses browser remote debugging
Loads dropped DLL
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates processes with tasklist
Drops file in Windows directory
Unsigned PE
System Location Discovery: System Language Discovery
Program crash
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Checks processor information in registry
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 11:54
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 11:54
Reported
2024-11-05 11:57
Platform
win7-20240903-en
Max time kernel
66s
Max time network
150s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Vidar family
Downloads MZ/PE file
Uses browser remote debugging
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | N/A |
Reads user/profile data of web browsers
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = … | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = … | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe
"C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy List List.bat & List.bat
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa opssvc"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 6605
C:\Windows\SysWOW64\findstr.exe
findstr /V "CEREMONYBRAZILEARNINGSPAPER" Phys
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b ..\Particle + ..\Watt + ..\Reel + ..\Colours + ..\Fires + ..\Walks + ..\Th + ..\B + ..\Telephone + ..\Commissioner + ..\Vc + ..\Optional + ..\Tigers + ..\Maldives + ..\Applicant + ..\Trinidad P
C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif
Alternatives.pif P
C:\Windows\SysWOW64\choice.exe
choice /d y /t 5
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6cd9758,0x7fef6cd9768,0x7fef6cd9778
C:\Windows\system32\ctfmon.exe
ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2184 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1456 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --remote-debugging-port=9223 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1316 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3480 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3584 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1172,i,3386070242589671326,14200221436638145364,131072 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 844
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | mYbjAvywFosZBhLDuXPQzfkfV.mYbjAvywFosZBhLDuXPQzfkfV | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| FI | 65.109.241.94:443 | 65.109.241.94 | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | tcp |
| GB | 172.217.16.238:443 | apis.google.com | tcp |
| GB | 142.250.178.10:443 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| N/A | 127.0.0.1:9223 | N/A | tcp |
| US | 8.8.8.8:53 | crl.microsoft.com | udp |
| GB | 2.19.252.157:80 | crl.microsoft.com | tcp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.213.3:443 | beacons.gcp.gvt2.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\List
| MD5 | e73430fed8b772ee346e05ace0cbb3a2 |
| SHA1 | f5a89b962504408636e64c6d3d171ab50e1de8a6 |
| SHA256 | 35b8c8e6ffaacab2cf18bd3dbe5e2de44ce9652c7a4a2e6b59a5522c88b4db95 |
| SHA512 | 43ba88788330bda0d7314e8eecd5ea4c452c926984887401ad40f591da08899385bd536df2b9658240b82e9f77e8e88b9cdb82f0cb7ac963b0b758fc8cf3398c |
C:\Users\Admin\AppData\Local\Temp\Phys
| MD5 | a83b54819f8bb4640619ec47cefbd2e3 |
| SHA1 | dc54b87e4d6b4ea47e76476c3a21a8bbf45d208c |
| SHA256 | 3392ddff8c2e92168709742131843bcc7c87ae7e519ba8b4e59c4a0da63e4b89 |
| SHA512 | ff3a7b4ab7609cbdd329203d4a58f4cc3c3da6ba6767f11635cbf71c94efd0c994a3c50202d55540bd28138dc2a2c417a263ad946dc0963a8ef2b8787f1a4413 |
C:\Users\Admin\AppData\Local\Temp\Graph
| MD5 | 9544c3c85a44d02cae05f426dba03d5a |
| SHA1 | d1318a16e0bfcc5ceb26c304f35e625f11fb2e79 |
| SHA256 | ff79936cfcf0abc704659ed5b0c1db7c367a78d09ffb9a459e082f48758264bb |
| SHA512 | 79c2ec200c0fa14ce324176f34f4a44f596ed77c8a28452a89e59e6db4692541a4cce98b3a39d91db1a2c358cd297f1cc00c1bda18399d9f8cfb47fbd9c5f2b7 |
C:\Users\Admin\AppData\Local\Temp\Particle
| MD5 | 7e35268f9e5a77094daa410be23e44bb |
| SHA1 | 0f279144a2338f9808a6079058eb6d0ad1db39ac |
| SHA256 | 5354833f3b8d7130b391fcc6e56d8a2a29e5eb55980c7d485ee8713e4d8c89cf |
| SHA512 | 6d66920f3b1545c7412e66c6676ccf126978803a78f062d5a6b80d0787f05f4d42ebf49b48c491dc5d61e1b175bb67c87dbb2e1b818112b1633eab0997f3baf7 |
C:\Users\Admin\AppData\Local\Temp\Watt
| MD5 | c1417dd7a4f57927835f9dc4bd5d161b |
| SHA1 | 8985d33327cba9bd6adee01ee8755f1d40b87932 |
| SHA256 | c2165e8373253cab652528f0511b623bbea4037d211936d3cf613090a1cdd3ba |
| SHA512 | 4618dc37ac68d55dd15cf0199d894ee6c2c3387e93d51dc7b466c63e97da30b04154d001f7d9f1578e9212111ea4c49a57109880ccf6b53d21ccbbd433ff6a00 |
C:\Users\Admin\AppData\Local\Temp\Reel
| MD5 | 71a1d80c1c0d09598aa3bdb89bb916fc |
| SHA1 | 8114685210d3627e3e788133cfd8e421344add0f |
| SHA256 | 320d3ba624db4a583f95c0f43e226246823224b4664d71bd7a774d2314b8f3de |
| SHA512 | 8892c6533a65bc1a752cc387c63935fb7f3f59f31aa7512d4b68f43f2b6bfefa4353ca0c5ad01d48fe9429ee5d07a381f7f6a1abec289033140d1a6e1015bac0 |
C:\Users\Admin\AppData\Local\Temp\Fires
| MD5 | aba7e7380e48c24866740ff22eab2797 |
| SHA1 | 4707a8a80793985e49c56c787cd540fb2ef8d7d7 |
| SHA256 | c41beff691522fe522cb197509ebca3e1922fb853bca578353bacfa6b9b2e76e |
| SHA512 | 0cb8524187d1e349366538ddd4a2db5e962997b5817476da3a4e15c72500944a8321489d1208adf65fcda5c144db309fd7d059af3f479624a11ce3f14245386b |
C:\Users\Admin\AppData\Local\Temp\Trinidad
| MD5 | 99e50eae127dee9a187a3479bffb2611 |
| SHA1 | f2feb6779af7e2f36ff75d55708498eea0dc75dd |
| SHA256 | 8fdcf3f130fdc46abae2a437e6922bcd849d0ad535e10f7e338daa4f335596c5 |
| SHA512 | 8a998836f4a375ae4c5c31b733c9e9cf452e33d87b80a153944bb1a95a0bcf1a1d21f2854d6d5f343f636517b7ef4c578dd1a7a838ae375528cbdf38bfbf734a |
C:\Users\Admin\AppData\Local\Temp\Applicant
| MD5 | f4159fd7a4aa23ff1af3f83184c7b591 |
| SHA1 | f169d89a439745fbe04996eae64286466996d6e4 |
| SHA256 | 1964e48f3e0b4ecb562783680f23b71a0290a607958e40f22f600d829103ea38 |
| SHA512 | c0358c489dc3ec763ebc6bae6de9047fe36387b3817163a131e13bffde4fc0dbad5bde53a8967b2f8e6d64356fdf16d6a0fcffdfe749b41982c2607f5ec62c98 |
C:\Users\Admin\AppData\Local\Temp\Maldives
| MD5 | 453f52e664b31a955f4349ecb45a559f |
| SHA1 | d04ce1e3508478f7a41d4d3713b90c94bed94f93 |
| SHA256 | c65690e2c56db99f8915548823c9edd68020416271ffaf2d4291024de644c9b4 |
| SHA512 | 2ad18152b4b4642832d7b6b172d7cd94d9fd9c2e60d7f5597c3d20840a9442b7dd3cd770fba84627d2ed83f7c639942749b9f2de0914f167250b3964350338ec |
C:\Users\Admin\AppData\Local\Temp\Tigers
| MD5 | fe10c257f3d7eefd76a9ea96917b3dac |
| SHA1 | 8150e95eff9f15bef4f1c744022755b11a9ce6ff |
| SHA256 | bf1045e5fe1a84579c823e2f07ee272f09db5167a029db019af20cb2fd12c943 |
| SHA512 | 21069c0285f21ecaf140e107e7214c76eff59fd8efbd5344835b3dbfa5a0aecee6e4676cffec95ce81d229aa75bdbbde424a87e37179efbb90b98781d1cd1397 |
C:\Users\Admin\AppData\Local\Temp\Optional
| MD5 | 2e0cbfc717a59ff4d40477dca3c47505 |
| SHA1 | 682293c207567df1c6a83543e46117bc5fa756a6 |
| SHA256 | 5cfbe754f8b85189fc063b08277820912c9c88fb0cb0b9330d2c2a2246fe0aa1 |
| SHA512 | 13e7d4268f8a7d7e745be1c5239bff791881e31bccc5f423c30536ff420d577b378f3411f340c759804df24c43a5924bddab5197aae4b442692bf1e5fb8e7cc1 |
C:\Users\Admin\AppData\Local\Temp\Vc
| MD5 | d58f412c0608af2b7d9230b8af1c6ca8 |
| SHA1 | 7239b104825828dcf7ffd6172d9e370e99ea2975 |
| SHA256 | 782d31412eac898866880132e32638592f36b6219a19e682ccd4a85552581a01 |
| SHA512 | 94434b737b0f128e058f38e360ce80b6a447149a176d5fce2caa06162e0001f1dd7d56f25c8d7fd6c0e07ff6ed1ec55fbdb5d9b3bd82ed62db8c10b324f7ba40 |
C:\Users\Admin\AppData\Local\Temp\Commissioner
| MD5 | 4d9bbaf20064cc706915a5f08c490e12 |
| SHA1 | 532bec59a472644f7d80482e44c9aacf300ee808 |
| SHA256 | a6fe61e5a1a5bac30c4a92a3cb05e0ae4cfcfa225954aa59210f249e980b199d |
| SHA512 | 69eaf4aad8a3d42af23e626d23fce6c50c8329a23f6e5010b045312c2bf8a3cd0e17e6f478e207d64bf27c613effd89d51375c752401ce55f981cba5283f2f8b |
C:\Users\Admin\AppData\Local\Temp\Telephone
| MD5 | e0aeb372a59033b33e86e336050912b3 |
| SHA1 | 08dfdbeb1b934408c1c18bba3277306661c3c419 |
| SHA256 | 60a52e926ddab397d29cd866d25239a8b6b474152901181152987cc5537df24d |
| SHA512 | 5752401d487c0369684e8f5b179b5571a7584089c5029288a6393f9008164f8ea53347a84e1ad6be6cd286a63fe63301a31785b2ffd62e81f2aca40640fe722c |
C:\Users\Admin\AppData\Local\Temp\B
| MD5 | 813623fef4fc3598586163fe0e32b58d |
| SHA1 | 72e58713ffa3b9ca31b8233a54210830385d935e |
| SHA256 | ceac9db58859eaa3887a614adf65a767c2f5127b420d153982cb536fa3851360 |
| SHA512 | 16008b825dc59bd2a7814045dcd73da008f0788bbbba7a95cf8d834e7768265fa99c3bb4214b3aad81e721f758ae5f5c91ba411f2bac93594e1d3403a631b7f7 |
C:\Users\Admin\AppData\Local\Temp\Th
| MD5 | fd51fde362fa58526a959290644a357c |
| SHA1 | bd2fa0c67d01a6b46a5280b79ca95d899abcca55 |
| SHA256 | f7b805e776026b2ac8efb05212858fec60084e1f5c85c408b8b5aaf7d63c362d |
| SHA512 | 8fe073748d315d288d1b63b9bd69d66b7cc946240f7e5ab04f2c87ab010325b86611c0045e0c2d96693a65df51d66102a8c9e5fc22976b22d88963aa564f1293 |
C:\Users\Admin\AppData\Local\Temp\Walks
| MD5 | 4e08d104a885b2fc68f87012b213dac5 |
| SHA1 | cc36ead0dd87bc6d5c9274107f4946a48b1a0f7d |
| SHA256 | ecb370f7ee955af6363a24c036cbf83e29818b54804d508778dbf89cd9478db8 |
| SHA512 | c76575ee85e2c768934235a5a1436521c1fb379402b5933501dacd4ac2727f599a55c6f2cdbb79ba3e3135f67f313c77df6bd74df41fcc385d5f4c4e3a7a471f |
C:\Users\Admin\AppData\Local\Temp\Colours
| MD5 | 6f6be76a0dc7e40a48dea1b4b627c6fe |
| SHA1 | c659ade9e22bfb1472c8e3964d66f66e21b48976 |
| SHA256 | 9be563f70ec4e53e5a7ef93e435c565afd4fdd766247217307f13dc0fad83257 |
| SHA512 | 06e8451799656751d7fb10adfd2225603f377a8a5e43d6a484ec4b0ca449d93912e5c3be4aa610bf18c9366710ee82cd37e584561cd80145d4816ba3a365e23b |
\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif
| MD5 | 18ce19b57f43ce0a5af149c96aecc685 |
| SHA1 | 1bd5ca29fc35fc8ac346f23b155337c5b28bbc36 |
| SHA256 | d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd |
| SHA512 | a0c58f04dfb49272a2b6f1e8ce3f541a030a6c7a09bb040e660fc4cd9892ca3ac39cf3d6754c125f7cd1987d1fca01640a153519b4e2eb3e3b4b8c9dc1480558 |
C:\Users\Admin\AppData\Local\Temp\6605\P
| MD5 | 6e06051a757d905f5fe32eda39c4e546 |
| SHA1 | 46361de4c63de69cc8c7d2b55ea7ad1c8c3fdf09 |
| SHA256 | 4d7df4553338d788a6ea13a139d4733f0ce791ef44207c48e9d5eedaa480f61f |
| SHA512 | fc2997135cfaa39d08a134e2ea5a3c3d0724f1b26c20ca351becd5cc48f234f19305eca4e9eb18c056960a718ad6267135302ab6af9775b424d5509f63f73b09 |
memory/2880-389-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-390-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-388-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-391-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-393-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-392-0x0000000003DC0000-0x00000000040C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\CabD6E1.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD703.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
memory/2880-534-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-553-0x0000000003DC0000-0x00000000040C0000-memory.dmp
memory/2880-573-0x0000000010000000-0x000000001025F000-memory.dmp
\ProgramData\chrome.dll
| MD5 | eda18948a989176f4eebb175ce806255 |
| SHA1 | ff22a3d5f5fb705137f233c36622c79eab995897 |
| SHA256 | 81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4 |
| SHA512 | 160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85 |
\??\pipe\crashpad_2040_QHDSNOQXREVPXYJH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp
| MD5 | 18e723571b00fb1694a3bad6c78e4054 |
| SHA1 | afcc0ef32d46fe59e0483f9a3c891d3034d12f32 |
| SHA256 | 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa |
| SHA512 | 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f8171dd448bc7ce04866148156bd56b2 |
| SHA1 | 765e45bcf9cdaa40d522be61863111f5095b83c5 |
| SHA256 | 031f3dae0b12a89a5a50c0db4d64e21b90b41d19194d0354a96c8a3a6690334a |
| SHA512 | 47b86fd72c6dc6ed4519e97525c8519803911b2740370d398db7cbfe07b9329363fa843311f115b5f7066386cd8954fdc14b545f37ac3d16eb44402444ffb5de |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f3b90ad9a8783b712f5ae69948ea966e |
| SHA1 | 7f8c984f514a0e66d11a14e86852c4afa9c58d4e |
| SHA256 | cba173b9cc8d832657040d48fc26332afaf05abbfff9a5dbe0b6e221a67345d7 |
| SHA512 | af5abad6aa168b1bde30003392fd2c27b9037b03736a9380e1ca6febbb30d5d481402a734ec9bc630f85f10e838daece3eb6528b4657b0cdfc10b4b897f21cc8 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-05 11:54
Reported
2024-11-05 11:57
Platform
win10v2004-20241007-en
Max time kernel
135s
Max time network
143s
Command Line
Signatures
Detect Vidar Stealer
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Vidar
Vidar family
Downloads MZ/PE file
Uses browser remote debugging
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Reads data files stored by FTP clients
Reads user/profile data of web browsers
Unsecured Credentials: Credentials In Files
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Drops file in Windows directory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\choice.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\findstr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133752813114942970" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe
"C:\Users\Admin\AppData\Local\Temp\a9157bff7034c95796152201796c6f97530e27277429af9ff350ac554bd37939.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c copy List List.bat & List.bat
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa opssvc"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr -I "avastui avgui bdservicehost nswscsvc sophoshealth"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 6605
C:\Windows\SysWOW64\findstr.exe
findstr /V "CEREMONYBRAZILEARNINGSPAPER" Phys
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b ..\Particle + ..\Watt + ..\Reel + ..\Colours + ..\Fires + ..\Walks + ..\Th + ..\B + ..\Telephone + ..\Commissioner + ..\Vc + ..\Optional + ..\Tigers + ..\Maldives + ..\Applicant + ..\Trinidad P
C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif
Alternatives.pif P
C:\Windows\SysWOW64\choice.exe
choice /d y /t 5
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9e03bcc40,0x7ff9e03bcc4c,0x7ff9e03bcc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1752,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2524 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2636 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3192,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3648,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4616 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4788,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4884,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,5924083229256222977,12096411579959252736,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e03c46f8,0x7ff9e03c4708,0x7ff9e03c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,8777180604216997661,840412771306188301,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2776 /prefetch:2
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IECFIEGDBKJK" & exit
C:\Windows\SysWOW64\timeout.exe
timeout /t 10
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.27.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mYbjAvywFosZBhLDuXPQzfkfV.mYbjAvywFosZBhLDuXPQzfkfV | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | t.me | udp |
| NL | 149.154.167.99:443 | t.me | tcp |
| US | 8.8.8.8:53 | votae.top | udp |
| US | 8.8.8.8:53 | 99.167.154.149.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.249.124.192.in-addr.arpa | udp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| US | 8.8.8.8:53 | e5.o.lencr.org | udp |
| GB | 2.23.210.82:80 | e5.o.lencr.org | tcp |
| US | 8.8.8.8:53 | 32.169.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.251.201.195.in-addr.arpa | udp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| US | 8.8.8.8:53 | 82.210.23.2.in-addr.arpa | udp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ogads-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| GB | 216.58.213.10:443 | ogads-pa.googleapis.com | udp |
| GB | 216.58.201.110:443 | apis.google.com | udp |
| GB | 216.58.213.10:443 | ogads-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | udp |
| GB | 172.217.16.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| GB | 216.58.201.110:443 | clients2.google.com | udp |
| GB | 216.58.201.110:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| N/A | 127.0.0.1:9223 | N/A | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| N/A | 127.0.0.1:9223 | N/A | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| N/A | 127.0.0.1:9223 | N/A | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| N/A | 127.0.0.1:9223 | N/A | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| DE | 195.201.251.31:443 | votae.top | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\List
| MD5 | e73430fed8b772ee346e05ace0cbb3a2 |
| SHA1 | f5a89b962504408636e64c6d3d171ab50e1de8a6 |
| SHA256 | 35b8c8e6ffaacab2cf18bd3dbe5e2de44ce9652c7a4a2e6b59a5522c88b4db95 |
| SHA512 | 43ba88788330bda0d7314e8eecd5ea4c452c926984887401ad40f591da08899385bd536df2b9658240b82e9f77e8e88b9cdb82f0cb7ac963b0b758fc8cf3398c |
C:\Users\Admin\AppData\Local\Temp\Phys
| MD5 | a83b54819f8bb4640619ec47cefbd2e3 |
| SHA1 | dc54b87e4d6b4ea47e76476c3a21a8bbf45d208c |
| SHA256 | 3392ddff8c2e92168709742131843bcc7c87ae7e519ba8b4e59c4a0da63e4b89 |
| SHA512 | ff3a7b4ab7609cbdd329203d4a58f4cc3c3da6ba6767f11635cbf71c94efd0c994a3c50202d55540bd28138dc2a2c417a263ad946dc0963a8ef2b8787f1a4413 |
C:\Users\Admin\AppData\Local\Temp\Graph
| MD5 | 9544c3c85a44d02cae05f426dba03d5a |
| SHA1 | d1318a16e0bfcc5ceb26c304f35e625f11fb2e79 |
| SHA256 | ff79936cfcf0abc704659ed5b0c1db7c367a78d09ffb9a459e082f48758264bb |
| SHA512 | 79c2ec200c0fa14ce324176f34f4a44f596ed77c8a28452a89e59e6db4692541a4cce98b3a39d91db1a2c358cd297f1cc00c1bda18399d9f8cfb47fbd9c5f2b7 |
C:\Users\Admin\AppData\Local\Temp\Particle
| MD5 | 7e35268f9e5a77094daa410be23e44bb |
| SHA1 | 0f279144a2338f9808a6079058eb6d0ad1db39ac |
| SHA256 | 5354833f3b8d7130b391fcc6e56d8a2a29e5eb55980c7d485ee8713e4d8c89cf |
| SHA512 | 6d66920f3b1545c7412e66c6676ccf126978803a78f062d5a6b80d0787f05f4d42ebf49b48c491dc5d61e1b175bb67c87dbb2e1b818112b1633eab0997f3baf7 |
C:\Users\Admin\AppData\Local\Temp\Watt
| MD5 | c1417dd7a4f57927835f9dc4bd5d161b |
| SHA1 | 8985d33327cba9bd6adee01ee8755f1d40b87932 |
| SHA256 | c2165e8373253cab652528f0511b623bbea4037d211936d3cf613090a1cdd3ba |
| SHA512 | 4618dc37ac68d55dd15cf0199d894ee6c2c3387e93d51dc7b466c63e97da30b04154d001f7d9f1578e9212111ea4c49a57109880ccf6b53d21ccbbd433ff6a00 |
C:\Users\Admin\AppData\Local\Temp\Reel
| MD5 | 71a1d80c1c0d09598aa3bdb89bb916fc |
| SHA1 | 8114685210d3627e3e788133cfd8e421344add0f |
| SHA256 | 320d3ba624db4a583f95c0f43e226246823224b4664d71bd7a774d2314b8f3de |
| SHA512 | 8892c6533a65bc1a752cc387c63935fb7f3f59f31aa7512d4b68f43f2b6bfefa4353ca0c5ad01d48fe9429ee5d07a381f7f6a1abec289033140d1a6e1015bac0 |
C:\Users\Admin\AppData\Local\Temp\Colours
| MD5 | 6f6be76a0dc7e40a48dea1b4b627c6fe |
| SHA1 | c659ade9e22bfb1472c8e3964d66f66e21b48976 |
| SHA256 | 9be563f70ec4e53e5a7ef93e435c565afd4fdd766247217307f13dc0fad83257 |
| SHA512 | 06e8451799656751d7fb10adfd2225603f377a8a5e43d6a484ec4b0ca449d93912e5c3be4aa610bf18c9366710ee82cd37e584561cd80145d4816ba3a365e23b |
C:\Users\Admin\AppData\Local\Temp\Th
| MD5 | fd51fde362fa58526a959290644a357c |
| SHA1 | bd2fa0c67d01a6b46a5280b79ca95d899abcca55 |
| SHA256 | f7b805e776026b2ac8efb05212858fec60084e1f5c85c408b8b5aaf7d63c362d |
| SHA512 | 8fe073748d315d288d1b63b9bd69d66b7cc946240f7e5ab04f2c87ab010325b86611c0045e0c2d96693a65df51d66102a8c9e5fc22976b22d88963aa564f1293 |
C:\Users\Admin\AppData\Local\Temp\Walks
| MD5 | 4e08d104a885b2fc68f87012b213dac5 |
| SHA1 | cc36ead0dd87bc6d5c9274107f4946a48b1a0f7d |
| SHA256 | ecb370f7ee955af6363a24c036cbf83e29818b54804d508778dbf89cd9478db8 |
| SHA512 | c76575ee85e2c768934235a5a1436521c1fb379402b5933501dacd4ac2727f599a55c6f2cdbb79ba3e3135f67f313c77df6bd74df41fcc385d5f4c4e3a7a471f |
C:\Users\Admin\AppData\Local\Temp\Fires
| MD5 | aba7e7380e48c24866740ff22eab2797 |
| SHA1 | 4707a8a80793985e49c56c787cd540fb2ef8d7d7 |
| SHA256 | c41beff691522fe522cb197509ebca3e1922fb853bca578353bacfa6b9b2e76e |
| SHA512 | 0cb8524187d1e349366538ddd4a2db5e962997b5817476da3a4e15c72500944a8321489d1208adf65fcda5c144db309fd7d059af3f479624a11ce3f14245386b |
C:\Users\Admin\AppData\Local\Temp\B
| MD5 | 813623fef4fc3598586163fe0e32b58d |
| SHA1 | 72e58713ffa3b9ca31b8233a54210830385d935e |
| SHA256 | ceac9db58859eaa3887a614adf65a767c2f5127b420d153982cb536fa3851360 |
| SHA512 | 16008b825dc59bd2a7814045dcd73da008f0788bbbba7a95cf8d834e7768265fa99c3bb4214b3aad81e721f758ae5f5c91ba411f2bac93594e1d3403a631b7f7 |
C:\Users\Admin\AppData\Local\Temp\Telephone
| MD5 | e0aeb372a59033b33e86e336050912b3 |
| SHA1 | 08dfdbeb1b934408c1c18bba3277306661c3c419 |
| SHA256 | 60a52e926ddab397d29cd866d25239a8b6b474152901181152987cc5537df24d |
| SHA512 | 5752401d487c0369684e8f5b179b5571a7584089c5029288a6393f9008164f8ea53347a84e1ad6be6cd286a63fe63301a31785b2ffd62e81f2aca40640fe722c |
C:\Users\Admin\AppData\Local\Temp\Commissioner
| MD5 | 4d9bbaf20064cc706915a5f08c490e12 |
| SHA1 | 532bec59a472644f7d80482e44c9aacf300ee808 |
| SHA256 | a6fe61e5a1a5bac30c4a92a3cb05e0ae4cfcfa225954aa59210f249e980b199d |
| SHA512 | 69eaf4aad8a3d42af23e626d23fce6c50c8329a23f6e5010b045312c2bf8a3cd0e17e6f478e207d64bf27c613effd89d51375c752401ce55f981cba5283f2f8b |
C:\Users\Admin\AppData\Local\Temp\Vc
| MD5 | d58f412c0608af2b7d9230b8af1c6ca8 |
| SHA1 | 7239b104825828dcf7ffd6172d9e370e99ea2975 |
| SHA256 | 782d31412eac898866880132e32638592f36b6219a19e682ccd4a85552581a01 |
| SHA512 | 94434b737b0f128e058f38e360ce80b6a447149a176d5fce2caa06162e0001f1dd7d56f25c8d7fd6c0e07ff6ed1ec55fbdb5d9b3bd82ed62db8c10b324f7ba40 |
C:\Users\Admin\AppData\Local\Temp\Tigers
| MD5 | fe10c257f3d7eefd76a9ea96917b3dac |
| SHA1 | 8150e95eff9f15bef4f1c744022755b11a9ce6ff |
| SHA256 | bf1045e5fe1a84579c823e2f07ee272f09db5167a029db019af20cb2fd12c943 |
| SHA512 | 21069c0285f21ecaf140e107e7214c76eff59fd8efbd5344835b3dbfa5a0aecee6e4676cffec95ce81d229aa75bdbbde424a87e37179efbb90b98781d1cd1397 |
C:\Users\Admin\AppData\Local\Temp\Optional
| MD5 | 2e0cbfc717a59ff4d40477dca3c47505 |
| SHA1 | 682293c207567df1c6a83543e46117bc5fa756a6 |
| SHA256 | 5cfbe754f8b85189fc063b08277820912c9c88fb0cb0b9330d2c2a2246fe0aa1 |
| SHA512 | 13e7d4268f8a7d7e745be1c5239bff791881e31bccc5f423c30536ff420d577b378f3411f340c759804df24c43a5924bddab5197aae4b442692bf1e5fb8e7cc1 |
C:\Users\Admin\AppData\Local\Temp\Maldives
| MD5 | 453f52e664b31a955f4349ecb45a559f |
| SHA1 | d04ce1e3508478f7a41d4d3713b90c94bed94f93 |
| SHA256 | c65690e2c56db99f8915548823c9edd68020416271ffaf2d4291024de644c9b4 |
| SHA512 | 2ad18152b4b4642832d7b6b172d7cd94d9fd9c2e60d7f5597c3d20840a9442b7dd3cd770fba84627d2ed83f7c639942749b9f2de0914f167250b3964350338ec |
C:\Users\Admin\AppData\Local\Temp\Applicant
| MD5 | f4159fd7a4aa23ff1af3f83184c7b591 |
| SHA1 | f169d89a439745fbe04996eae64286466996d6e4 |
| SHA256 | 1964e48f3e0b4ecb562783680f23b71a0290a607958e40f22f600d829103ea38 |
| SHA512 | c0358c489dc3ec763ebc6bae6de9047fe36387b3817163a131e13bffde4fc0dbad5bde53a8967b2f8e6d64356fdf16d6a0fcffdfe749b41982c2607f5ec62c98 |
C:\Users\Admin\AppData\Local\Temp\Trinidad
| MD5 | 99e50eae127dee9a187a3479bffb2611 |
| SHA1 | f2feb6779af7e2f36ff75d55708498eea0dc75dd |
| SHA256 | 8fdcf3f130fdc46abae2a437e6922bcd849d0ad535e10f7e338daa4f335596c5 |
| SHA512 | 8a998836f4a375ae4c5c31b733c9e9cf452e33d87b80a153944bb1a95a0bcf1a1d21f2854d6d5f343f636517b7ef4c578dd1a7a838ae375528cbdf38bfbf734a |
C:\Users\Admin\AppData\Local\Temp\6605\Alternatives.pif
| MD5 | 18ce19b57f43ce0a5af149c96aecc685 |
| SHA1 | 1bd5ca29fc35fc8ac346f23b155337c5b28bbc36 |
| SHA256 | d8b7c7178fbadbf169294e4f29dce582f89a5cf372e9da9215aa082330dc12fd |
| SHA512 | a0c58f04dfb49272a2b6f1e8ce3f541a030a6c7a09bb040e660fc4cd9892ca3ac39cf3d6754c125f7cd1987d1fca01640a153519b4e2eb3e3b4b8c9dc1480558 |
C:\Users\Admin\AppData\Local\Temp\6605\P
| MD5 | 6e06051a757d905f5fe32eda39c4e546 |
| SHA1 | 46361de4c63de69cc8c7d2b55ea7ad1c8c3fdf09 |
| SHA256 | 4d7df4553338d788a6ea13a139d4733f0ce791ef44207c48e9d5eedaa480f61f |
| SHA512 | fc2997135cfaa39d08a134e2ea5a3c3d0724f1b26c20ca351becd5cc48f234f19305eca4e9eb18c056960a718ad6267135302ab6af9775b424d5509f63f73b09 |
memory/1388-387-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-386-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-388-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-389-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-390-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-391-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-409-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-410-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-411-0x0000000010000000-0x000000001025F000-memory.dmp
C:\ProgramData\chrome.dll
| MD5 | eda18948a989176f4eebb175ce806255 |
| SHA1 | ff22a3d5f5fb705137f233c36622c79eab995897 |
| SHA256 | 81a4f37c5495800b7cc46aea6535d9180dadb5c151db6f1fd1968d1cd8c1eeb4 |
| SHA512 | 160ed9990c37a4753fc0f5111c94414568654afbedc05308308197df2a99594f2d5d8fe511fd2279543a869ed20248e603d88a0b9b8fb119e8e6131b0c52ff85 |
\??\pipe\crashpad_2008_HROZMQXTPXPBFCUX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
| MD5 | 0c04fdffbabe092e2c30058918f00bb1 |
| SHA1 | 0a01b8b0e209987a22aafb99f563d059823fb8dc |
| SHA256 | 3d8ea48c3d540f5b8868822962d37fc5fffadbf041df9bc095c75af220ad3313 |
| SHA512 | 44fe4eaa3396a6268d6bee864d87702c09278c89e8f63579ade9718cdf3cbe3fdb7dc323c9293c3cb63e82d9398fef9bc03e0a34f26e14982d43933d656c3696 |
memory/1388-461-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-462-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-468-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-469-0x00000000043B0000-0x00000000046B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 443a627d539ca4eab732bad0cbe7332b |
| SHA1 | 86b18b906a1acd2a22f4b2c78ac3564c394a9569 |
| SHA256 | 1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9 |
| SHA512 | 923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 99afa4934d1e3c56bbce114b356e8a99 |
| SHA1 | 3f0e7a1a28d9d9c06b6663df5d83a65c84d52581 |
| SHA256 | 08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8 |
| SHA512 | 76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 226f48792c69c5a673c9cc81054d3d8f |
| SHA1 | 9a515b973b9cdc760a422a5cd5933c1ff7160fa0 |
| SHA256 | 5295253fbfd648514bfa845eda6d0bf63ff13d47c003aee2392970a3e89b4db5 |
| SHA512 | 79756c2e962c4adfaeaec215dec25443939c383ed680aace4c211b35cc350961f5cd87e30643b9cab90f090ecb20699b77bb8d22b727aa5808aa0cb0bc750b7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 78dab026be29b7d2a7e39b45b10c97c1 |
| SHA1 | b500c558f7fd1c0ff92bb8dc635e516cf1f4c0d1 |
| SHA256 | ec53a5641c7e5f4cd718576d4f13a025a5a182a116b9ad6a3e8595033674ce3f |
| SHA512 | 7d2190a95c4e7eff0c5709cd0d506dad7aeff135e221beae82ba76469e2eb1338986b1864b5c777834b2feb6bca6621c08588b3b36226e8fd9cfedaf4f6566df |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\31838487-713f-4d53-a005-ec7ad9f54901.dmp
| MD5 | fb5f124e43c4205d6b1043dffe4f4b58 |
| SHA1 | af40167353771019ee60c4bc72dd022e51ffee3e |
| SHA256 | 8b87b1093c9db727bb87b9b103af2360d05a1d4f6565e1cdb037fb98d2ff2689 |
| SHA512 | 4e14fc96f5ab02ccc248317760e022588624681816cc7f32abb76a384f35ed74081d5d683bf253d62e57ab0c7fb6201888e9fe90262884b9890a483c9fb7482a |
memory/1388-532-0x00000000043B0000-0x00000000046B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\bf65bda4-8a88-453a-bfe2-3364543754f3.dmp
| MD5 | 1b0c0bb6085fea67d1d29e778b1c9948 |
| SHA1 | aa75efa165f6c2214c2290284572bc35d78f8285 |
| SHA256 | dbc4cdbdfb233cd80ecf795bc9c8b6f4f1035b97e968db104d4ef8b4cae56c68 |
| SHA512 | b7143da477e4ce3ed476e7683c2ae1c4a587db897a4e27fd7084358081a23a9e6d85316ec6cc945f96669c81a79f25f481e822b3088cf623cb4801010e3070b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2557f0b4dc28be43e82e2efd29bd3d5b |
| SHA1 | 458f160f22a4e678fdd98ecd148b6f5e983ec11c |
| SHA256 | 78026c5dbd1ae78314701f2de96f6b0bfa63fe1a9482da8058e4647c4b2705e7 |
| SHA512 | d8106ccbbd3cc3409e6ca888c42729a5bbbdce4aa2e9bec975c3e258126443b889db5565e3ca4236df9f2b4b1791cb7f5c7d76067756d54281815798a5dcfb37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\a9c698a8-cf00-42e0-9dbd-7c0ba50f9fda.dmp
| MD5 | d2d856f33a46c50c1dd6a6d87c0caad0 |
| SHA1 | ba8e554bcffdc20fc3acefb2cda85db30b9a222e |
| SHA256 | a4777520b7e15e35b983814779c266cf755bfb9d0fa6aa8b23bbb7b096c54774 |
| SHA512 | 1fb0ecc4438d2b52c2eff90944f9d0ed9abbf1efe2cb661c940fb78bcf40ea31ef92c41081d23809bc1ebef48cf3a639b92ce07dc69f180b7f0d9430eb812cc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/1388-615-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-621-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-622-0x00000000043B0000-0x00000000046B0000-memory.dmp
C:\ProgramData\nss3.dll
| MD5 | 1cc453cdf74f31e4d913ff9c10acdde2 |
| SHA1 | 6e85eae544d6e965f15fa5c39700fa7202f3aafe |
| SHA256 | ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5 |
| SHA512 | dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571 |
C:\ProgramData\mozglue.dll
| MD5 | c8fd9be83bc728cc04beffafc2907fe9 |
| SHA1 | 95ab9f701e0024cedfbd312bcfe4e726744c4f2e |
| SHA256 | ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a |
| SHA512 | fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040 |
memory/1388-644-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-645-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-652-0x00000000043B0000-0x00000000046B0000-memory.dmp
memory/1388-653-0x00000000043B0000-0x00000000046B0000-memory.dmp