Resubmissions
11/03/2025, 15:04
250311-sfzq8swmt5 811/03/2025, 14:20
250311-rnmwzavmx7 811/03/2025, 13:45
250311-q2pr2svyby 810/03/2025, 19:09
250310-xtytbavzcs 810/03/2025, 19:01
250310-xplyysvxhz 810/03/2025, 18:29
250310-w42ghstps7 810/03/2025, 15:21
250310-srpqeazshz 410/03/2025, 14:53
250310-r9d6ysyxdv 810/03/2025, 14:46
250310-r5e8fsywes 609/03/2025, 18:14
250309-wvp25axvd1 10Analysis
-
max time kernel
897s -
max time network
900s -
platform
windows11-21h2_x64 -
resource
win11-20250218-en -
resource tags
-
submitted
10/03/2025, 14:53
General
-
Target
test.txt
-
Size
18B
-
MD5
5b3f97d48c8751bd031b7ea53545bdb6
-
SHA1
88be3374c62f23406ec83bb11279f8423bd3f88d
-
SHA256
d8fce9dd9c65ca143343f7711859a7cffc3c5e656a8b84108183fb769a12ed8b
-
SHA512
ed2de1eec50310ced4bde8ef6ae4b7902920b007df7b6aeb200cfe9fcc0d36ef05af7526c4675be2feac52831668798d5fe3523175efad6f6549b30f30a0b5d6
Score
8/10
Malware Config
Signatures
-
Boot or Logon Autostart Execution: Active Setup 2 TTPs 6 IoCs
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Drops file in Drivers directory 9 IoCs
-
Executes dropped EXE 21 IoCs
-
Loads dropped DLL 30 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs
-
Drops file in System32 directory 64 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 44 IoCs
-
Launches sc.exe 2 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
-
Program crash 15 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 24 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 7 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 51 IoCs
-
Suspicious use of SetWindowsHookEx 18 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\test.txt1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\test.txt2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4088,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:141⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3b0bcc40,0x7ffc3b0bcc4c,0x7ffc3b0bcc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=1832 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=2128 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=2200 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4484 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4616,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4620,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4740 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4700 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4976 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3704,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4312 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4416,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=5256 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4448,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4296,i,4588785871285769658,7146802241331777825,262144 --variations-seed-version=20250217-180411.635000 --mojo-platform-channel-handle=4668 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1832 -prefsLen 27421 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {362fd2dd-fe6a-4726-8a2a-893a8b7d121c} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" gpu3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 27299 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc7c0b1f-aae1-41bc-be58-776aab88acb6} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" socket3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3220 -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 3264 -prefsLen 27440 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79ad4b8f-aa35-48e5-85b4-2134f732dfb4} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3572 -prefsLen 32673 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33eea53d-cf39-46f4-9066-7b5c2de82ca0} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4472 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4440 -prefMapHandle 1232 -prefsLen 32673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef72f13e-52a4-4a0a-8605-f2c4637c708c} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" utility3⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5308 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {533b52a0-fc2b-40b4-b7a3-5aa114d02597} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 4 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a2902e0-cc82-40a3-ad51-3af81587c46a} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" tab3⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 5 -isForBrowser -prefsHandle 5600 -prefMapHandle 5700 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1044 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {933b865f-6c25-46d7-ac8a-acfd9f22a328} 4912 "\\.\pipe\gecko-crash-server-pipe.4912" tab3⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --always-read-main-dll --field-trial-handle=764,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --always-read-main-dll --field-trial-handle=3976,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=3944 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --always-read-main-dll --field-trial-handle=3808,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5636,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=5648,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5692 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6288,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=6600,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6744,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6716,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7076,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7100 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7012,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7048,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7212 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --always-read-main-dll --field-trial-handle=4624,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --always-read-main-dll --field-trial-handle=7216,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --always-read-main-dll --field-trial-handle=6992,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --always-read-main-dll --field-trial-handle=5160,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6136 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --always-read-main-dll --field-trial-handle=6124,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --always-read-main-dll --field-trial-handle=6392,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=7668,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7640 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7676,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --always-read-main-dll --field-trial-handle=8136,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8144 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --always-read-main-dll --field-trial-handle=8320,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8296 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --always-read-main-dll --field-trial-handle=8452,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=7300,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --always-read-main-dll --field-trial-handle=7480,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8680 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --always-read-main-dll --field-trial-handle=8636,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8620 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --always-read-main-dll --field-trial-handle=8604,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8864 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5128,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8600 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --always-read-main-dll --field-trial-handle=5324,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --always-read-main-dll --field-trial-handle=9072,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8740 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --always-read-main-dll --field-trial-handle=6944,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8836 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --always-read-main-dll --field-trial-handle=7352,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8848 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --always-read-main-dll --field-trial-handle=9232,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=9284 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --always-read-main-dll --field-trial-handle=9460,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=9472 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --always-read-main-dll --field-trial-handle=5328,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7684 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --always-read-main-dll --field-trial-handle=8796,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8304 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --always-read-main-dll --field-trial-handle=9456,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=4344 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=10236,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:141⤵
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=65 --always-read-main-dll --field-trial-handle=9604,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=9212 /prefetch:11⤵
-
C:\Windows\System32\msiexec.exe"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\OpenVPN-2.6.13-I002-amd64.msi"1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 7DAB52B682E4ECCE9AB4005F6B844492 C2⤵
- Loads dropped DLL
-
C:\Program Files\OpenVPN\bin\openvpn-gui.exe"C:\Program Files\OpenVPN\bin\openvpn-gui.exe"3⤵
- Executes dropped EXE
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\OpenVPN\bin\openvpn.exeopenvpn --version4⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding 16C2427B1766E63133C9780926C0F7F12⤵
- Loads dropped DLL
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding C3CDE31B6479C625D931ACBE0040F42F E Global\MSI00002⤵
- Boot or Logon Autostart Execution: Active Setup
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Windows\System32\netsh.exenetsh interface set interface name="Local Area Connection" newname="OpenVPN Wintun"3⤵
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\netsh.exenetsh interface set interface name="Local Area Connection" newname="OpenVPN TAP-Windows6"3⤵
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\netsh.exenetsh interface set interface name="Local Area Connection" newname="OpenVPN Data Channel Offload"3⤵
- Event Triggered Execution: Netsh Helper DLL
-
-
C:\Windows\System32\sc.exe"C:\Windows\System32\sc.exe" config OpenVPNService start= auto3⤵
- Launches sc.exe
-
-
C:\Windows\System32\sc.exe"C:\Windows\System32\sc.exe" start OpenVPNService3⤵
- Launches sc.exe
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV14⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --always-read-main-dll --field-trial-handle=10272,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10404 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --always-read-main-dll --field-trial-handle=10440,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7860 /prefetch:11⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --always-read-main-dll --field-trial-handle=10688,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10912 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --always-read-main-dll --field-trial-handle=10720,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10916 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --always-read-main-dll --field-trial-handle=10656,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10940 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --always-read-main-dll --field-trial-handle=10752,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10960 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --always-read-main-dll --field-trial-handle=10776,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11000 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --always-read-main-dll --field-trial-handle=10660,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10920 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --always-read-main-dll --field-trial-handle=10700,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10928 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --always-read-main-dll --field-trial-handle=10824,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11048 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --always-read-main-dll --field-trial-handle=10804,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10932 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --always-read-main-dll --field-trial-handle=11008,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11780 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --always-read-main-dll --field-trial-handle=11020,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11880 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --always-read-main-dll --field-trial-handle=10800,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=9780 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --always-read-main-dll --field-trial-handle=7660,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10268 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --always-read-main-dll --field-trial-handle=9820,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12184 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --always-read-main-dll --field-trial-handle=12344,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12324 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --always-read-main-dll --field-trial-handle=12364,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12504 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --always-read-main-dll --field-trial-handle=9824,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12644 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --always-read-main-dll --field-trial-handle=7380,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8876 /prefetch:11⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "1" "C:\Windows\Temp\1f1340d95c844144057e6601796f94625c06f941f74dc8f33d3ba2d8d7dd675b\wintun.inf" "9" "427961067" "0000000000000148" "WinSta0\Default" "0000000000000158" "208" "C:\Windows\Temp\1f1340d95c844144057e6601796f94625c06f941f74dc8f33d3ba2d8d7dd675b"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "1" "C:\Windows\Temp\3111833a68c992903dfe278ad27d429b4cdcbafbbcf5859e8289ab504053ee3a\OemVista.inf" "9" "4a6b148f3" "0000000000000164" "WinSta0\Default" "0000000000000160" "208" "C:\Windows\Temp\3111833a68c992903dfe278ad27d429b4cdcbafbbcf5859e8289ab504053ee3a"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "1" "C:\Program Files\Common Files\ovpn-dco\Win11\ovpn-dco.inf" "9" "4e746adf3" "0000000000000160" "WinSta0\Default" "0000000000000170" "208" "C:\Program Files\Common Files\ovpn-dco\Win11"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "11" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:9ef34515d755ec66:Wintun.Install:0.8.0.0:wintun," "42b53aaff" "0000000000000154" "b2f4"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "11" "ROOT\NET\0001" "C:\Windows\INF\oem4.inf" "oem4.inf:3beb73aff103cc24:tap0901.ndi:9.27.0.0:root\tap0901," "433338203" "0000000000000174" "b2f4"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "11" "ROOT\NET\0002" "C:\Windows\INF\oem5.inf" "oem5.inf:c695c3de07ba2b5d:ovpn-dco_Device:1.2.1.0:ovpn-dco," "43b135903" "0000000000000180" "b2f4"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman1⤵
- Modifies data under HKEY_USERS
-
C:\Program Files\OpenVPN\bin\openvpnserv.exe"C:\Program Files\OpenVPN\bin\openvpnserv.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Program Files\OpenVPN\bin\openvpn.exeopenvpn --log "C:\Users\Admin\OpenVPN\log\dsdasdadsddsfr.first.log" --config "dsdasdadsddsfr.first.ovpn" --setenv IV_GUI_VER "OpenVPN GUI 11.51.0.0" --setenv IV_SSO openurl,webauth,crtext --service 1ec800000f30 0 --auth-retry interact --management 127.0.0.1 25340 stdin --management-query-passwords --management-hold --pull-filter ignore route-method --msg-channel 5082⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\OpenVPN\bin\openvpn.exeopenvpn --log "C:\Users\Admin\OpenVPN\log\dsdasdadsddsfr.first (1).log" --config "dsdasdadsddsfr.first (1).ovpn" --setenv IV_GUI_VER "OpenVPN GUI 11.51.0.0" --setenv IV_SSO openurl,webauth,crtext --service 1ec800001374 0 --auth-retry interact --management 127.0.0.1 25341 stdin --management-query-passwords --management-hold --pull-filter ignore route-method --msg-channel 5362⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Program Files\OpenVPN\bin\openvpnserv2.exe"C:\Program Files\OpenVPN\bin\openvpnserv2.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=7572,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=7564,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=2612 /prefetch:141⤵
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --always-read-main-dll --field-trial-handle=8380,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:11⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=6784,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8916 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --always-read-main-dll --field-trial-handle=6848,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10384 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --always-read-main-dll --field-trial-handle=10948,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11576 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --always-read-main-dll --field-trial-handle=11060,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12476 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --always-read-main-dll --field-trial-handle=10416,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=9548 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=11936,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=4296 /prefetch:141⤵
- NTFS ADS
-
C:\Users\Admin\Downloads\Remcos-v6.1.0-Light\Remcos v6.1.0 Light.exe"C:\Users\Admin\Downloads\Remcos-v6.1.0-Light\Remcos v6.1.0 Light.exe"1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --always-read-main-dll --field-trial-handle=12072,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8920 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --always-read-main-dll --field-trial-handle=12436,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11412 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=97 --always-read-main-dll --field-trial-handle=11364,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11208 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --always-read-main-dll --field-trial-handle=12264,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12556 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --always-read-main-dll --field-trial-handle=12252,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12600 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --always-read-main-dll --field-trial-handle=12300,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12528 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --always-read-main-dll --field-trial-handle=12280,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12580 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --always-read-main-dll --field-trial-handle=12304,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11400 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --always-read-main-dll --field-trial-handle=12012,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12576 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --always-read-main-dll --field-trial-handle=12232,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12584 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --always-read-main-dll --field-trial-handle=10280,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12768 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --always-read-main-dll --field-trial-handle=8608,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7356 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --always-read-main-dll --field-trial-handle=7284,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12752 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --always-read-main-dll --field-trial-handle=6996,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --always-read-main-dll --field-trial-handle=9008,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --always-read-main-dll --field-trial-handle=12444,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11512 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --always-read-main-dll --field-trial-handle=8744,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11100 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --always-read-main-dll --field-trial-handle=7232,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8980 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --always-read-main-dll --field-trial-handle=11956,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11908 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --always-read-main-dll --field-trial-handle=10768,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11944 /prefetch:11⤵
-
C:\Users\Admin\Downloads\Remcos-v6.1.0-Light\remcos_a.exe"C:\Users\Admin\Downloads\Remcos-v6.1.0-Light\remcos_a.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 5682⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3784 -ip 37841⤵
-
C:\Users\Admin\Desktop\remcos_b.exe"C:\Users\Admin\Desktop\remcos_b.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 5682⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4900 -ip 49001⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=5752,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10116 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --always-read-main-dll --field-trial-handle=7120,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --always-read-main-dll --field-trial-handle=12328,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=11800,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:141⤵
- NTFS ADS
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --string-annotations --always-read-main-dll --field-trial-handle=5352,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:141⤵
-
C:\Users\Admin\Desktop\1.exe"C:\Users\Admin\Desktop\1.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 5682⤵
- Program crash
-
-
C:\Users\Admin\Desktop\remcos_b.exe"C:\Users\Admin\Desktop\remcos_b.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 5442⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4192 -ip 41921⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 6120 -ip 61201⤵
-
C:\Users\Admin\Desktop\1.exe"C:\Users\Admin\Desktop\1.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 5442⤵
- Program crash
-
-
C:\Users\Admin\Desktop\remcos_b.exe"C:\Users\Admin\Desktop\remcos_b.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 5362⤵
- Program crash
-
-
C:\Users\Admin\Desktop\remcos_a.exe"C:\Users\Admin\Desktop\remcos_a.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 5802⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6516 -ip 65161⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 5744 -ip 57441⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 7740 -ip 77401⤵
-
C:\Users\Admin\Desktop\2.exe"C:\Users\Admin\Desktop\2.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 5682⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1476 -ip 14761⤵
-
C:\Users\Admin\Desktop\remcos_a.exe"C:\Users\Admin\Desktop\remcos_a.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 5482⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 7156 -ip 71561⤵
-
C:\Users\Admin\Desktop\1.exe"C:\Users\Admin\Desktop\1.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 5602⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 7940 -ip 79401⤵
-
C:\Users\Admin\Desktop\remcos_b.exe"C:\Users\Admin\Desktop\remcos_b.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 5362⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 380 -p 6428 -ip 64281⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffc3b0bcc40,0x7ffc3b0bcc4c,0x7ffc3b0bcc582⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1848,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=1844 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2072,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=2128 /prefetch:32⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=2224 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4424,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=3584 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3780,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4604 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4584,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4744 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4988,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4588 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5188,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=5204 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4480 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4472,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4068 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5336,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=5632 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5612,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=5624 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4944,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4480 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5144,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5004,i,3119288509954752460,17121864144328174739,262144 --variations-seed-version=20250309-183315.488000 --mojo-platform-channel-handle=4460 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url mailto:[email protected]3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 27326 -prefMapSize 244741 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f4cc2e2-08a9-4b58-ac41-3a8d0584f2be} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" gpu4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2204 -parentBuildID 20240401114208 -prefsHandle 2184 -prefMapHandle 2172 -prefsLen 27326 -prefMapSize 244741 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8087804e-d999-455f-bbbf-7a9abdf525a2} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" socket4⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3268 -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 3200 -prefsLen 23020 -prefMapSize 244741 -jsInitHandle 1096 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f64cd97f-2d7b-4be3-859a-404c367b511b} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2912 -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 2476 -prefsLen 33001 -prefMapSize 244741 -jsInitHandle 1096 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbcb30b4-2b8c-4f58-a902-58547e1894f9} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4532 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4480 -prefMapHandle 4524 -prefsLen 33001 -prefMapSize 244741 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43f5438d-48b1-4326-b5a8-e4bcd972398d} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" utility4⤵
- Checks processor information in registry
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5140 -childID 3 -isForBrowser -prefsHandle 5132 -prefMapHandle 5128 -prefsLen 27419 -prefMapSize 244741 -jsInitHandle 1096 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {205339e2-b6f8-4bdf-8369-92d7333d74b1} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 27419 -prefMapSize 244741 -jsInitHandle 1096 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81d64840-fd33-41e6-849a-b131387c2f72} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" tab4⤵
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 5 -isForBrowser -prefsHandle 5564 -prefMapHandle 5560 -prefsLen 27419 -prefMapSize 244741 -jsInitHandle 1096 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5628fbb-5117-4ea6-a7cd-748530c57b4d} 6028 "\\.\pipe\gecko-crash-server-pipe.6028" tab4⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --always-read-main-dll --field-trial-handle=11340,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --string-annotations --always-read-main-dll --field-trial-handle=12112,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --always-read-main-dll --field-trial-handle=6720,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5884 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --always-read-main-dll --field-trial-handle=11696,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11660 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --always-read-main-dll --field-trial-handle=11900,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12164 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --always-read-main-dll --field-trial-handle=12812,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8948 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --always-read-main-dll --field-trial-handle=8424,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12036 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --always-read-main-dll --field-trial-handle=12992,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13000 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --always-read-main-dll --field-trial-handle=6636,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13144 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --always-read-main-dll --field-trial-handle=13136,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6656 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --always-read-main-dll --field-trial-handle=11728,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10604 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --always-read-main-dll --field-trial-handle=12060,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7204 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --always-read-main-dll --field-trial-handle=4208,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --always-read-main-dll --field-trial-handle=6612,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --always-read-main-dll --field-trial-handle=11048,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12976 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --always-read-main-dll --field-trial-handle=13100,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8464 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=137 --always-read-main-dll --field-trial-handle=11224,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12912 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --always-read-main-dll --field-trial-handle=12780,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12792 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --always-read-main-dll --field-trial-handle=12204,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11672 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=140 --always-read-main-dll --field-trial-handle=6032,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --string-annotations --always-read-main-dll --field-trial-handle=6812,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6700 /prefetch:121⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004DC1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=142 --always-read-main-dll --field-trial-handle=12960,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13144 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=143 --always-read-main-dll --field-trial-handle=11988,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=144 --always-read-main-dll --field-trial-handle=7592,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=145 --always-read-main-dll --field-trial-handle=13536,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13600 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=146 --always-read-main-dll --field-trial-handle=13884,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13820 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=147 --always-read-main-dll --field-trial-handle=13784,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13764 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=148 --always-read-main-dll --field-trial-handle=13736,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13668 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=149 --always-read-main-dll --field-trial-handle=5912,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13748 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=150 --always-read-main-dll --field-trial-handle=14076,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=14100 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=151 --always-read-main-dll --field-trial-handle=13340,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13644 /prefetch:11⤵
-
C:\Users\Admin\Desktop\1.exe"C:\Users\Admin\Desktop\1.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 5362⤵
- Program crash
-
-
C:\Users\Admin\Desktop\remcos_b.exe"C:\Users\Admin\Desktop\remcos_b.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 5362⤵
- Program crash
-
-
C:\Users\Admin\Desktop\remcos_a.exe"C:\Users\Admin\Desktop\remcos_a.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 5362⤵
- Program crash
-
-
C:\Users\Admin\Desktop\2.exe"C:\Users\Admin\Desktop\2.exe"1⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 5362⤵
- Program crash
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3776 -ip 37761⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 9012 -ip 90121⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 9052 -ip 90521⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5544 -ip 55441⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=152 --always-read-main-dll --field-trial-handle=3956,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13856 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=153 --always-read-main-dll --field-trial-handle=13932,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13920 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=154 --always-read-main-dll --field-trial-handle=9144,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8720 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=9156,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8612 /prefetch:141⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=156 --always-read-main-dll --field-trial-handle=6084,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=13688 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=157 --always-read-main-dll --field-trial-handle=12628,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=158 --always-read-main-dll --field-trial-handle=6668,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=10880 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --string-annotations --always-read-main-dll --field-trial-handle=13896,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=6536 /prefetch:141⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=160 --always-read-main-dll --field-trial-handle=14068,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8324 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=12584,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=8752 /prefetch:141⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=162 --always-read-main-dll --field-trial-handle=13948,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=11772 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=8464,i,8472368907592355691,7708928369085365785,262144 --variations-seed-version --mojo-platform-channel-handle=12644 /prefetch:141⤵
- NTFS ADS
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Privilege Escalation
Boot or Logon Autostart Execution
2Active Setup
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Netsh Helper DLL
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
917KB
MD536996a7a1a1a5712f8799cd1cf8bfbaa
SHA10b03498350e13e8d79e1fdfb18f70b9a45e26bfb
SHA256f0ca7bad4281546ec47129230d13105f952cef42014bcb6fdf42521f568b411c
SHA512a60f09e01fd54532eafbff4d17a0801c6edd24b057f6576a8fdb6994cc4d207fe0cd9444e299fc7b74ec48a91edfd4aa56c68dde7d8b93b60da21780fe3db8f9
-
Filesize
11KB
MD58fd89f82a273cd3ed2f76f7f09cf30ae
SHA143bb4e81acac468715e874ab86521497ca2e9369
SHA2568c9456aeacd5566234519b5b34ceecd0f7ebb22f6813747e595f5945517ec438
SHA512f77ad5dca3f72701ab2b779e900d22fa3f0c3ca6b8713e25bb7d6d1480992518d66879b6315122c555b32be527fef7c86ead1d59244c955287d48c3132b684f0
-
Filesize
90KB
MD56b0722f0b6ed86877d96da4a57f3aa03
SHA185cd52a10a8be6ca807fb5f6e180a1b1a1554583
SHA2562c2958dac6f36922ae094705e058bf6470e1622b31318fb9fe0db5457e383f45
SHA51274c399af44e982bb02eeb103bc634d2b5923b5623625a87bd148b6dad1afc438775a00ecbcdeeb2adb13d04c3b1d23a92cd9ee815c89f1af4fdbb3eb8fc3f49b
-
Filesize
2KB
MD577da079a3665afc84d05c3d07bcaa0d0
SHA13fbfafe2c08100f5b46b792398c2ecb9157760e9
SHA2561f6c35bc11d910f91c32ea54894d0fddb0094876bdd526d04a9287d04d636242
SHA51210fcd8464c6aab386bf2f675175598764e0b784a898b7b450fef3d055ecf902c7a57ac0aef2725b9e6899146e4e9230c8677bfd2a8f18489b642fa6beca25507
-
Filesize
1.1MB
MD50cee566f2c2d798b4097f6914f57d5c8
SHA1c6a188d52c06516d5fa483cab93f8578b01c524a
SHA256ea1285ae791f1fd9c17d6e217dc06b1bfa9337f265e87192cc076b7ccaf09aaa
SHA512aa7008ee4be9d048abb50bd546d3c454f9af53cb7122f6ec77fc4f948cabbd7379684c03c89f269e94d15e417ca10c801aebb5d23aa9e65d1dad42af5f833bdb
-
Filesize
454B
MD52b7d47401bad3221ed6d92996d49f9f7
SHA1a3b8cbc667f5023e4a4dd8c50bc6ab78c51048de
SHA25618b542b3de918da103ea6d79f3be0c5af8349502dc9c673f2db5b6f05dc57d35
SHA512dceafceeff05a61fde179dbdf13bc2b1243ee756028b1c8a96e311f279effbd9e2567f65f8ae063841ca2c4961f6b522553b9c7095daa94898ff5ed048607aa5
-
Filesize
75KB
MD5fe311fcc29a019c380ce1804d5637d51
SHA1e8b0bb40fd0b2da77b6db5f9f12b8595765d6317
SHA2565f95e5558ce796448734407be8ce03df2c0e08ab658f3b2e1489b8cee83714ae
SHA51252292080f71a30402fbb05ef71e620639dee1000db9a1271fcbfe832b7f73c27d6fe2f4e0113a7d34aed188269ea55faaafb731cc887d506f2543bd99c8ae2b0
-
Filesize
23KB
MD5bc71317e0308cdbb60c144de84ab3c68
SHA101f4d0d5c856f9f283d93c7c909088e862679ec3
SHA256d1e995a2d32e7833a369aa849e8b877162e07c1a161c6dccb95ca2052fc8b1e7
SHA51217f2333020eb2375f79a4bcb4884662fba8129ada9de24e6d2ca51c623f0de16e6e7e5ba60a119b13474d6627b1807b466f886a414c120c5d0d85d7f71427ded
-
Filesize
52KB
MD5f8a8e9bd330996b3d2672c3a15f92f9c
SHA19269ace4cbc58387bae86a800a16eea312812ce1
SHA25674ac4e4a9a1aa4e4836ffc075829cbd6922d464849722f136894a02f5739ebf6
SHA512c4782a7f5bad197051e1deca0b3578d1a4e60800fcadea07664f6b07c0785a549f10baef98b46923b8b03230bcf70cae2e7db7be13cebe5910897905294fcdc4
-
Filesize
94KB
MD55797d2a762227f35cdd581ec648693a8
SHA1e587b804db5e95833cbd2229af54c755ee0393b9
SHA256c51c64dfb7c445ecf0001f69c27e13299ddcfba0780efa72b866a7487b7491c7
SHA5125c4de4f65c0338f9a63b853db356175cae15c2ddc6b727f473726d69ee0d07545ac64b313c380548211216ea667caf32c5a0fd86f7abe75fc60086822bc4c92e
-
Filesize
40B
MD5bae7391588852886b11bfe8459e9d24f
SHA1cdba151eb14b0711f27db41d13f6a308def3039d
SHA2561d681632312d967f458f2db523ae5af976e53bb049505ebca7ea16b0e97dd687
SHA51277eb32fe8ca511e947aeb0b882c2f7c3c09096049c4d52552ebdc88bfa8bfbcdd19958417a83eac2a27b6234c2c77813e5ec160630d0612f3a3eea53708a4e38
-
Filesize
649B
MD5ccb19fb3c29526267fa54d0720fe1464
SHA15bcc2fe57b8bfcf1acc11507379b92b13d8fcd1c
SHA2563e6873671bdf1852af48e49975b137c9f1b77df8705bffcc0a6800c54ce65c26
SHA512a2ce60b0fd6c065a9e8c17cf5c79168552c8c643d8d517506042b2931a68abe4cd4c589ee656dd221139360ffa542ce1281a20f9f4fc341706b918d119a62cea
-
Filesize
216B
MD56e5b3e1c8654b57ed7b6437680a1e5ba
SHA1966cdba1a7d765753b627c2e2824cfd86b75c52a
SHA256b289c0b160218a9b116e7c7a036536985cc251c04d9389902d1bbd22288b8bc6
SHA512cf04e1770d479767ec488fb672a2d15f2026511a409047604713d4dda52cd573771628f9128dca15e370d34b487d077555e5e527dbc7689f41a0be9c543b530d
-
Filesize
264KB
MD5ab054690a0ced0d2045459ece5520328
SHA1ba7fa24d67c74f2a6457280e8d07262983f2cc09
SHA256ec7de32d178104983d7dac41ed2d8f6ce8b2b17df49a2a30c03a62d677b805a5
SHA51261c4d73b3fb3cd56aad3915f2998f0ab7cf301a58710f0399f17b4581c3349a015864f0519c325588a90da736688e5fa56c1e95768449a8fd4d547809a60dcdb
-
Filesize
851B
MD507ffbe5f24ca348723ff8c6c488abfb8
SHA16dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA2566895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA5127ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
-
Filesize
854B
MD54ec1df2da46182103d2ffc3b92d20ca5
SHA1fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA2566c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
-
Filesize
4KB
MD5c805653ec19f70447074b31ac5309597
SHA1bbe698d49930756f75bfacefacfd5a144654210d
SHA256d2ff745ad73ca2bac1b288ba646cc20700711030d87dabe1019cfac20e588cfd
SHA51237e76220dfa7d624995776e8f1e8a4cd4f8f324fc3c2faab469c24c00f662f391b55549677cd7b80b0a9014840e431c19bdfd551e1775325af7ed7c06dbbc067
-
Filesize
2KB
MD55965383c6577d55ce4325edf0c756c1e
SHA11a317c1dea0ae3632e931b2f2fd65022ba9b3b10
SHA256c08c324c88163b695ab93c396301afac3be1f79751b05b6a0b4b0a191d5c7c15
SHA51250177f9728bffd68c289944814aaff7612d18e6eb24da2055bd0eedcddfe11aa4c6c44d770ca6d6d27827841efc6e6845f553ef5d2dee7aa0378f9f442624921
-
Filesize
2KB
MD514117503a37b974599716ed06aa9391e
SHA18dd99c5f06a9a7ac5b131008883ffc56dedc6047
SHA256947842102ac489ecc1d2cae5a8dd3d366aad97dd9749082cf4ddca0056410c87
SHA5128802afccad7c0b303b36a7bccff28ab1c2f5c4ccaabcd9c56fc6220a531382c2014e1bfa771da7daab90004b4146eabb56511145a6452387916cafd163f2b69e
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD543538801b9a4a0546de7cf09badf5641
SHA13a3569a4962a18886c299c86d9248488b7a6400e
SHA256f5251a04331c3f257af5f7967632fc59e11c434ed8995a4dc86736ca38db9e7b
SHA512f86bc4142918b9f7df31cabe3d160d0fc73ff6130f1a7cc389b9b3011ae435642c1a67ceca2d10ded4543cdd458b9681f50b64649159d9092d49e1c194419b2f
-
Filesize
524B
MD5feb4dd738a8dd4ee0d6bf880d3662158
SHA15a5cd9ffb74ac0fdc664c8e9791ac79be51dcb28
SHA256a77e0d4ce8d23151603920d754034700c141e201aa4efe662eae87ad69b63fda
SHA512e45881816a5a192974e46d9b27a35f2713656a2ba754495dee1b8d14516af94575e708e81719d4d40c7afd0957e570fcec54ab6f8a1a9c5f82e67f872d0def8a
-
Filesize
9KB
MD5947a36db8b77a3c39f4acea6f9d792dd
SHA1cfd5ef1ba3a74564589a9a74bd38803a1864c648
SHA2568e7b4a7b210cfe5ab57e88e5d5565b10fd35875b25ce395cf6fae3315c9fbc23
SHA5126af3190f1652da0785ecefa4fd9f1d07022f8548cdd57737d16d5b472cdfba2dd6232217301eec14e146208089d0c6383cf021a67bc8394216856590416c137d
-
Filesize
9KB
MD5df7ebcc584dceb4685d801afc8c991e0
SHA1e41ba25c8b8ed4deac7b2bac91a3fba1738b80fd
SHA25694e6ff874f845824358f40d518a6a041efbebda98f27040bf2db8e539fae6306
SHA512bc340ad3e83aa23a7f51af51ba3e2027bb62988278da83015952fdc84555fe3fe98de9047605a83bce7c33b8eae8d79c49d79b3974e48b0bd8c53687e39f0c9a
-
Filesize
10KB
MD5e87611d3541371db7cb6c452300d954d
SHA117e0d4cccccc5694bcc3d2d520ecbbcaf1a7f18e
SHA256329942357da97374d9923d027b3646e2bdb6233ffff3a139593d71f0a5635b2a
SHA51229a31ad0a11aed843233a03c052388eabf698e1b27bc9bf3de21cdca5a063c618e320dfec31eb661c71a99e3ca06b2b194dd416db12a7bcd9eb715fc33ee7c96
-
Filesize
9KB
MD594a6719b22b11735b801a1c29e4be84f
SHA198b28831f48314527b3665ad8d0a5472dd85155b
SHA256c238f07beda23881859aa594b56d9388b8201db34d7b192650b1aef12a788654
SHA512a1c931dd5a1ade6fe0cee5d98cdd7e02b4154ffc58ebf10788fbd546371cbc669d1b9ff38946ccd9bd906b15622dd0925a5c2130fd3b69bdcc1fedb4cf277895
-
Filesize
9KB
MD5518f9b05ba65bda5d9a3654b0d13a705
SHA105ba5995a3386020d562141e725ddbbca551759c
SHA2564f508c9e27f3aa11205e7407533d8a5ca349fc9e9278b9dbc0c84a18bd18b7e2
SHA512daed83615bb2a972e044739a13b6df07c25cbc1e591e44997cdf24b9448cb6eaf7cff49143dc9b3124c3f7a420dddf5894d0592ca1c38e9cf30c9928a4e465fb
-
Filesize
9KB
MD5d857cf7dd863cb1eecf3a709369eeea3
SHA13471e56a7af51f85978ba375c13c8ab33cd2c475
SHA25622c98db5d49fd8c7ef6bb07239087b317483f4adcaa5de4c89909dd856676fee
SHA512353610f7e18d7d573d203f95c37e5c6fc051a95d48c246988d3f1a873c8a2743048f31ae7ee01096f8388ea8d647e5d615c8b87c1dfb038b18dd879599941302
-
Filesize
15KB
MD5020a8b2a92b95a7559808d7fc5c6d9ca
SHA19186f7465a75286b6157cff94dce38b8fb412e36
SHA25630ae86be9d4c91f49f58d6cb57232966da93d1e2571d1c7c9b4aaa083fc45b47
SHA51239d1210f31915409635267ddbdb7f239420b22b538c235fe64a5b0b29ebf90076623832455c5685caafe9eb5174be01a02d419775d836b2c190db65476304f19
-
Filesize
72B
MD5e020eae9dbb68190eaed1b441d51f75a
SHA10be98418fb3125d682ef767c36bd5115107f0166
SHA256e48b86b94634c6543355c7f167a6e3a005771de76d9ddc5a330c31f22ee68e06
SHA5125ceb445acfd4399eb0c3c50ffbea2368a9d6f0c69169e28a147fdda18c37f3f8c0154388d3b538f5276b2a6a4d1230763303faed1f3833f3dcb1dfddc3a4c473
-
Filesize
126KB
MD51efdbd47b7709c8c346bad48e4fe64da
SHA1722654789ad3345bf7d0a05baf9845f84f4c1c32
SHA256ef0d44318b8e10fcf38826cb3d8fe9e868d6ad5d269144ca5c3c2224e85848ef
SHA512adb904c4ee76b159012595c768673f9e1a1c5ea0f4531022826fbba63008360f32c9a1f3f3b295b991403eb815b60fac9ba276b18ecb97af4ac97027a8974458
-
Filesize
245KB
MD5ebcfe5b66298de88fe8841f4543b91e4
SHA1dda53a12a618e6fa3c251f5a13aad12bcf60c24f
SHA2560e38281a1b66a876058492d0e8826bfb08a3d24310bba73615effceba23ef8eb
SHA512ebe20f6bfe9871319c6e4cdba200f77cb0494a5c6bf15f85559759f14151766669aa70ad57f15f5a226a9da5d08a5ce383654c63cc00ba7c407d9a3280b35ae7
-
Filesize
245KB
MD51ba1748b0c04a690ae01225d96254a8c
SHA1fcb0accbd67f0ee575e86ce777a8b43a8bdee784
SHA256634d347698559e19784ae06055bbc536d627ff42531c34abd53d9b0e27dad05d
SHA512067fe47a6d663fb91ca74b5705e08f6cd59f5e022d3a128ba2761f6940acea8a2fcb540f432da676df5f80611f2ef30611f42558a86772ea7c780c0f36ee4a9e
-
Filesize
245KB
MD5398eb2be1d9fc1ff8d006d9bfa33b991
SHA10935d1670842a23800cda27846c173318652c5e5
SHA256b04cf895418033a55209037f1faae29bd91146511f64f5922abf05b53b6f970f
SHA512be620755f508d516de4fa27bcd765073cdaf95ae9cea7713f0816fbc84a16c13f560a7bfe0a94c9e7d9d6d2877a40662b3bd9481e8347928c32b91b53da55444
-
Filesize
126KB
MD5a89d589f2074e928e534882a336d6db6
SHA1b8c84a496d8aa395f272a23d246b4b4418ba1e13
SHA256d12d285cc05dae59b2edd19e0a1792549b8c1323230eee2bbce1cb8ced2e3cf6
SHA512ec766fbccd2dee49bcbde82bb91abee3bac36c9826a4f372fefe521c8b390518f51ddd2711f6058b532f9a2332a8ab114424e08339a4222b0c4c2b3d8fef6e95
-
Filesize
28KB
MD56ab957ea1a854f314f744f86f2832557
SHA1cd65f99ae511bc7d64722320306477b500fdac62
SHA256a41191c1141b3f8abfdef2aef00d4e33a6e0b237bf3b16d19cbe661123dd4587
SHA51283d7c4e686744abac737c5196ee494ff977c1e2c88abdd488313fa498b2ee7d776eb6ea4e2d0500aa0375e1cf8033eae7c01e38952155d6ec426a5162013d662
-
Filesize
22KB
MD5bb0caa4df97779e7cc5bfd2211935365
SHA1f5a1d934a54c808997efb91c2b8d7633ef7e2662
SHA25603b6d60810837313ee7da7e95f8c8e40c71e62eb091215dcd49628612b80ec92
SHA512018bdd06bc6e9cde4c5ef75a5f42e5102d1e7bbd6f8636c60f6d1dfa3ab3e53a439a3901f48f150b86527d1e719465b3d7695d38ca5a2281b3a9c2e2567ff931
-
Filesize
15KB
MD596c542dec016d9ec1ecc4dddfcbaac66
SHA16199f7648bb744efa58acf7b96fee85d938389e4
SHA2567f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798
SHA512cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658
-
Filesize
107KB
MD501d6950584931c7857736555b600937a
SHA11c56e39cebd9203d30570db15a6e4bdddbe1cdc7
SHA2566326c79e4d3b0475793624e7093090b9c8d68e13d57488fb957ec1c9f8c21d61
SHA51289080fa95dcf85b01305c6e6c5fda30778170ef7e72ef13a86832ecb86f203ff91c65edd56b0172d006cac79cd5ce900a4348c9676a25a24ae296edac27c135d
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
219KB
MD54618d60a78caf2f9765e6faf472d76a4
SHA120af6f1922cc4615d85257148a04002ce43d452c
SHA256d3b5deff36c337f4c57f4172a49846bb7dd40823f105e6405c878812fa7c96a6
SHA512780fa12ed5122c38c4da449134ead144bca532ad8b7b58f7ecbe8bbafe043e38b14c7965560419869da4053b62ec57206c513a7748b8413a0b9c4d57e3b3811a
-
Filesize
150KB
MD5eae462c55eba847a1a8b58e58976b253
SHA14d7c9d59d6ae64eb852bd60b48c161125c820673
SHA256ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad
SHA512494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3
-
Filesize
711B
MD5558659936250e03cc14b60ebf648aa09
SHA132f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA2562445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA5121632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727
-
Filesize
5KB
MD554060fec82989a317326afe899e24ad1
SHA16ef8d62c33ce89d2fae967079da9b61ae4324362
SHA2568c8a3d310485f9c88c8aec6665f16c22aa96d303e3a8b4a61b8e348c4c8f6a51
SHA512d6b120e4acfee6a67cc2c777ff3d95ee9e1e1556f2df8f7e779400e7e559fe45a28bc04d3f8b26344c1dd15586b32e72180df2cea0a925aff55365d0de2746a4
-
Filesize
6KB
MD59f828e4dcd7b09ca6308f3826b6d1942
SHA1cab3fff36852f6f03529067038b7627b024a6f93
SHA256c1a5eb40723de6eb50e693c90da0ac1b192265fc0309097206fe58d846f80ca0
SHA5120e6e0d401fb9216ce990671fc95408b04dddac2a4c072ba446b316f22219d9d34ae76da4e88c592174662d8f653d740e741bbe98e22bbca7bf4ff5c53f2b8aac
-
Filesize
16KB
MD589dd646cf73f5522e7bc98e126a9edb2
SHA10c7d8ccb5041f622485ee2fdc7d47dd62cd87e7e
SHA256b1f9153ea1bcdc545d40d305ddfc339aeaa0e5226733ded0cb5761bca29a359e
SHA5128e78df22bf6b67f4844318c1435baed28e998a7499f396ff5eab38bf1d3b0bcd86a901737368471928829b5388d2c454a501a74e3a82156926d5eae3427d9bb6
-
Filesize
15KB
MD5c39e3a288d0030b03b7f9196c8f495ee
SHA175d7e7369e074d0d245727e05d2563db5da820bf
SHA256e2e03fd6e699329dafb73f144cac6b23d644377698e7194fc5ac6ba09bfd0553
SHA5127a3a393f71c21eddd814dc685e059993f52f033cbd85b52f31d86975a1fb04827513dc63f17cb96bd28a7ac4f3aa820924bcaee5821af3949a26340e17770e25
-
Filesize
905B
MD52cd95014fcefe4abe5be8b0258586b60
SHA1647d688f0f559c1ebb8b43d8da196a1fdc59c83e
SHA25636b89810114e8738dc08ff338962bf1c470df0ffc33e459f78d047e11260e384
SHA512842df29dc5aa98f270ea92a94c84f787f6ec0f36ef391ed35e74b9f321321b13467210d0a78a7846918e652d515e8197e2cd12f6109b6fa4b032bed20038fcb3
-
Filesize
27KB
MD541cb0949c1c8f45027ba83fa27e93351
SHA127ea3902a9e2d789a5653f476ab20996d348863f
SHA25640f53335ba0349f19dc457321d2dc117da5c8336e297cbe7312df3e81832edbe
SHA512398ba698fb1e3a6937b741671487cd65107ad964a92e3e33aaf579134e5b56fb10382b22d5c526dae77349865d1e14bdcfed930f96fcef931cf81301f59a0e0c
-
Filesize
1KB
MD55d98de33c4929e198794bdaadbd2b11d
SHA161c09a63a014a2f53de424ea5ce6e980ea94ec78
SHA256cfef74b8af6522872c24f3350dddbcba7311129943cdb2c9a68360f730afb7e0
SHA512a839d2308d7a093bcc58b7ac4a35dc5407c627fcb295c18bad054dd914639fc317f2a135ec714115761e8fa52d57ac9adc69b8c895abfde93dfaeeb109aff576
-
Filesize
671B
MD5a06de0d504a05dcf17a4a4745becfcf1
SHA145733c551631b44b5c9776ca6fc50ab1315e3838
SHA2561cdbfcbfc15dc0ba0f4aea27614098e4371879860ff66cd42325c66aba6a775b
SHA5129d25a60f8f32c97db7e09af6292f733830adf66d349075bf6d23adc447fb020a4965a14b8419916a96f58cf6e8e7ac293c1d32e23baa3ff8319e8284307e8b55
-
Filesize
659B
MD5a0e37c58b87a84d10aa25c48034832fc
SHA1af962ecf9181d09817e8b7c87237c51967bcc96d
SHA256826cfc58a46e7d59b2fcca9ec1f1c27de2e98a84b0077b41a3a9ed586c71776f
SHA5129ee8567d3bc45c5836a982fcec7ea5ed2c934cf4b6efef627d89a06b0d0ca1874b721624cf7c258787bf35ea4af7c289640c369e13f3f5cbedbcb33525be4268
-
Filesize
10KB
MD5488879f10360b63af55b8a7cd2793f38
SHA1f0bd188a22514f0502d2c9ad67b26790fd28fff1
SHA25668173443761f2526f18a1e9aa384e6da07c1dfa7f46ba76392cb3dc5c378686a
SHA512658514caa1252e2fc256a37e536611cd696c20aecf407183649a0c4e955e61a2118017592933586de768a0f1376d58c4f190892c1b3a02ee551915b08f9589e3
-
Filesize
10KB
MD55fac9baeb83052585531439b4d0884f9
SHA1e117dd0d001b6c420be4cefbc2a8fc27367ebf26
SHA25695e7a37174528ce6916be82e16eba7ca5eb03f6bb0f9cfd252dc2a7d21bc0c5c
SHA5120ccad3c6706452befefd327ddd49a52ebb5824b4c5e57cb525c6a4da4e26ed75b6481617375ec13358f0609ffb0a4572339e487cb8d4b75aa06c3f55bdabc005
-
Filesize
146B
MD565690c43c42921410ec8043e34f09079
SHA1362add4dbd0c978ae222a354a4e8d35563da14b4
SHA2567343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9
-
Filesize
90B
MD5c4ab2ee59ca41b6d6a6ea911f35bdc00
SHA15942cd6505fc8a9daba403b082067e1cdefdfbc4
SHA25600ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2
SHA51271ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2
-
Filesize
53B
MD5ea8b62857dfdbd3d0be7d7e4a954ec9a
SHA1b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a
SHA256792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da
SHA512076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19
-
Filesize
122B
MD599601438ae1349b653fcd00278943f90
SHA18958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA25672d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55
-
Filesize
288B
MD5948a7403e323297c6bb8a5c791b42866
SHA188a555717e8a4a33eccfb7d47a2a4aa31038f9c0
SHA2562fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e
SHA51217e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a
-
Filesize
430KB
MD53bca2b3c330750c24ba7a49c4637e54d
SHA1b901b44726ddd3100dbe5eba8dc831d2350b247e
SHA2564d08f602b593fc397e74c171abcc3932bf6cc9177e96e69d95a1e71385b2ff94
SHA512fbd7debf2126cd0106ea3edb1793a703bda6b9cfaa7fae68920ec0b6903eb379094eceb6d8f0252bf3d959c441286a1c3fe65715617b21985fb11b79a328b24d
-
Filesize
5.5MB
MD5d23fbdb4820878d5af830a2fed68cd53
SHA11438f1d01bc0f22710f963ed8dbae65bda278c05
SHA2566a6e96b2860c6e2b2fb751e6a12fceb2ed0449bc6877836a21d888b38e018c6c
SHA512c70f5ac8d7919f27d61325820090f2f14c8cf75e5feef26ee13feb18fef2b16aea99718e2f0b6d0058558c284df219497e62d4c0631afa7d4849d9540333e3cc
-
Filesize
398B
MD587b2d9f287e386304071ab0367b2f162
SHA1e1cc7002d96913fa2d9bda2fe23a136fbf6dba43
SHA256d50671403045ef77352966fdc83b71505b42a89efb791a0e9a27b3fc1033da86
SHA512f154757d2cf08a9321fa00b7a6eb8728d20e12d3370d9b647e58757bf7d797950ac453da712718e181e4628b38adfb91bd3544c671f11c02bfce344196a9f4ce
-
Filesize
400B
MD5843db6d59789e8ec4e6e3e8504c53162
SHA1345eee8ec6fa887f0873d1166dc905a53320482c
SHA2560da2abc92c051d306dac8280c7a1051395d00f4bee20e764cc614f4c7cdd5175
SHA512fd721e9772ba54a1994af9b6066f40375cb29983ce3f9bd72a2a26714651ec8d3a73ace1b59e9bfdaf26d6789f7834e7a130bee4c47cf9b6f4df9b175c1dddce
-
Filesize
416B
MD520abdd1fda046f67cd47e8ad8e857a45
SHA10d0d1ba709ff2def536df69a8b95a69a9e6d2aae
SHA256a17e25498a6a820a96381b04ff43b1949647cfd24c3ff270acd064667ff2ca6a
SHA51214b9945256274de9d2d9afa53015ef0db02c359509c543e5d9f9168dd68322f3a01d8b3e4a321e5dbccedd06745ce8df48380b34849a4a65442303aaf4a94968
-
Filesize
392B
MD588e01f184ed4669a9ae053cacaf4fc89
SHA1082dd737dc2a2ee778151a92f56d16d695731d07
SHA25680f960c607d30a07df6094bcef5025c27accecc5e83602491ce117d38fe65347
SHA512029fda66015897b0ff4865b3f31e20a8a41ede0ce33f37bb850110b3751c927833a6dd605d4ff583a167dec5dd20356f17e64f5892643483c65e0af7d7cba5fd
-
Filesize
29B
MD55ef6edd2053ba7dae1c9b137deddff92
SHA13f8a68838109ca0fa42e451aded13c1dcb5496e3
SHA2564ef0b5f5085ee7b911b8f64a66c40c45cc3049b74e1e8154acc8338337ab717f
SHA512f1a3a705e9d49ad6f1f4408a2cd2f7b1803c15ea0c2d7d1326e52e27689add38a5a718f87015697cfd4af043a64718f369e9a1e9276940c0304efcee3098572e
-
Filesize
98B
MD5f56daa79149ce23d7e62fe57f097c80f
SHA1c9fbf2a1f5678142e71ac80470e79601b883aea1
SHA2565f18d8c9331d160c7c8b645b44e2bc8177a2a8baab4b3e558563ad633cd4ba11
SHA51241394432c108a60e5984df9d2b4a7924c1269bc2e03e6dba864b4bb0795f84254b0a50e987ea4b8535337a6179acec6c7ece922bce7b8f51ef489f61ead1630e
-
Filesize
139B
MD5c66dd9111a507f5987c221db144217db
SHA13eb2140a8739b0ad8ccd6b58d13a155ad048b11f
SHA256df240002125314704b83312156332941c7ce4249e83a23df736e99816e5ebb7b
SHA5122c81914c0909fce05bff3f974aceae83d63c9c83affc2ffa865e3f48af0cd4e563e1d85ac561f1e8031ea77cf6e8812b8fe3ecd4b43ece1cff0b83c9806b2413
-
Filesize
633B
MD5619ebb8ad5304856b813b0a1d77aac55
SHA18ace3cd41ee03e057b34d154116bcd72036e48c5
SHA256f7541ec94346359204e23bb5a7fe1977d5bbe50bbd6cf3c3d5d96bde19960c28
SHA5122166f1efe8dd15bb9c076c59e258517c41a7031957a6bfd4a69288f531154c411724be834beddfc11653bc598b8646dae553eec1b77b58e9d53d2976b45efcbd
-
Filesize
633B
MD58e192afcddf1bd5d418afb4a07c3c951
SHA18a414991fc0975e06f158b89a65e893d324bbe1e
SHA256f789a6eaa843bfc0138f78581d97609d36fcee7c0e13adf19c773d70ae5db755
SHA512b0b2af428f7318eb83173bc5297daf48366fd22b71f2e85f79a409eab9b0d939a0a0baa667ccee25fbada9d7b2ab8257d6be5c9f952b5f7e63e213a84987ac0b
-
Filesize
55B
MD59bd60f5b5c02a065e1866b7c3e59f0e0
SHA1efd7a102c0ff35b91b4ba0dbdeaa47900385157f
SHA2565386d5c9142c2e4c38e0c06d7490e5786d57e963a09f5c3c7d56fac66a15c8c9
SHA5126e2c11291ae3ce1f24e1597bd9e622926d0d4dd54a1c6c60f7c5405de0ebb1b9c669ae2a2a175b673f98ecb8e8f6fa269895641ae88beea80cbdd75597e8920f
-
Filesize
275KB
MD52232c07e354364e0eb1dc80024593826
SHA165bb4232c0416cfb2c158bfc32a7732ad72cee72
SHA256fb1cd5e7c3ea30dfafd3cc1862e311388361d896610db28c63716da9d71e8f3f
SHA512f0d295565b209f4dedd2a79123fa54ff9b8cbb173f14463ab3d3707b8d87aad84b05c2898478ecc148e29d02fa07ddda9499795e0ceafc2982c0adbd570a3572
-
Filesize
281KB
MD5718222e232d11298dfbabbc2b70d8b14
SHA189fc560692111c2245694867b8772fd8969f46d2
SHA25645e855461f5d1be28a2f88416603070bd1778055abdd06834ae58e97b7ddf53c
SHA5129191961c28a7a4647ae8f9f9e1956d60b97f5f5c3e4e838d888bf78c1ea665e98e8e3c75cc1247a68a89b2413493ea6d39dbc60827eec919ddba0536d793c801
-
Filesize
143KB
MD584a1cc9540d5cdad74bc54f8090dd27a
SHA1c6f82d1491015457785ae0d365e7196d693d9a6b
SHA2562738720da0b6ce474ca6eb51a92372d047eca2d713c256f0cd6c147ac3a0db21
SHA5129c25d6e7331844d01d732ac923e99c68f305749d92407c873cd09b451e59a8864001e308864fda319fa4a2bcae9dbe50682201c67901dce14272291dedecd2c8
-
Filesize
104KB
MD5a2d6dcfee7117d2b5c3025069e702411
SHA1240305e107ef852805ce7f9cfa1577a9695a5c92
SHA256e0890da0b323a43604606ef8dc4d4d8f8b5805688e81b5b9cfa9fcd6b38c5159
SHA5129b8708a8489c19c844d12d7055dcdae4b5fe65c8519e9670b67fb526e9be0bec293bcba5741f6638088e5b77639797cff67b52ad12c20943933c4041ba74dc01
-
Filesize
104KB
MD58c5e18a7676593f838eed7de233aeb3c
SHA1e5ff0fde232fe59918d4979b3855f76f3af4f90b
SHA256803cc0572d3e5c637abb997015d767de31a571aadeff3f18b19f6aa67611a489
SHA5125f4683cf4a48b96f8c423a8e07233e463b950ab53df656eafbac144a04eaef41ed04766e454a337e95271e8be839152bd6b2d572109f7499f6efffdacccc4e29
-
Filesize
9KB
MD5faba2ccb8fe366fd281ca6be6d2bb7c2
SHA1bb7bd32a21f3eba652fde24146387ffc5278143e
SHA256602187e5470ddbdf9421045bb0515f358c88bf88f59fd8a886fb6373da5d0f82
SHA512ec424a545e2598f299706499dab07b4d12b0734a52f928216a53bca2b7f384b97bd4fc092d7d68de636a75daf79ac392c4b49b7251ec011236de1659253d6214
-
Filesize
37KB
MD51945d7d1f56b67ae1cad6ffe13a01985
SHA12c1a369f9e12e5c6549439e60dd6c728bf1bffde
SHA256eb58bf00df7b4f98334178e75df3348c609ea5c6c74cf7f185f363aa23976c8b
SHA51209af87898528eaa657d46c79b7c4ebc0e415478a421b0b97355294c059878178eb32e172979ee9b7c59126861d51a5831e337a96666c43c96cb1cf8f11bc0a0f
-
Filesize
1KB
MD58480579050970b0812cc3d9a1bce1340
SHA1edebebd090602f4eee375ad754c8566d4fda23cb
SHA25644098408ab9611dd99a38e140c7fb1ca5dce6eb2d5f0d5e500547ac1ba5d235b
SHA51246de9202c3cf0ddbf19f9e0e02ec17530f2722abfa08669fd30a6095ce2342fa89a2cc59c1d47afd82b48c915bb95f4c6d16e7c21129a9c8f09c2bf239566933
-
Filesize
7KB
MD56f5ffb58a9e406ab1643c890e2a198c6
SHA13ff1faba00ac18a93e88a6f2bbfa747c9fdc7e0c
SHA2561327ab3a8c50691f04bea8e2ca356c5b604092a719e219464f8cc4b42e192de9
SHA512af29bc13cc02238208c51e4e95dd0a4445a952755635a9eab38aa77a5c087cc8e2025af55d8f3a0e9f2430baa91534e7f892bb71aa0ef72bab4483211a845b4b
-
Filesize
11KB
MD571ecece58bb00bdc1e728ee28d7a5332
SHA14305889415cf95662a30d024f1138f1af224cf42
SHA256ee062e5ef2743ceab10c64830e4cefe52e35cc1ece85947ac4e61ddd1c0b05f7
SHA5129b23404d867fc4fd7c7beeba3768e8fed3113cc7430ec1bc9ca7faf6e6105388de7057b1402f9b4ba8fbc11e5fcd3afe14233721e8d15b6c0bed40f65aa5b58b
-
Filesize
40KB
MD51bb9772a05517e227d1dafd3936e8f66
SHA1d695ca5791a4b6a3509939aebdfaf5e229c6fbcf
SHA256581dcaace05d5c1ac9512457ff50565aca5d904d2c209bd3fc369ca4d4a0d2b1
SHA5123f1966038f91b887fe1a71474929bd87f3c75091846c6e9563f7424d3a7c19c908f1d874895341c61a868a616aba637e3d4188d4ebb7383087886a13a4dc0aa2
-
Filesize
24.6MB
MD5fa8a78e8594d6fb81b64b68041b6f697
SHA168aa051fa6b235f9e78f9fbe29659fce3ac1d742
SHA256148383693916b7fe9a8fb8f34549e5112133118efa8e6643348115c595237c7b
SHA5122f5bd29d6dc94f30a57760349333f692a973d6d316df074a77b4a938504b92c349f76da0adc5cc228fbfe419da7f95a8dff250446c7502dd369d50af1d836dcd
-
Filesize
6KB
MD5fe5c447320e744084ed4be0afedbc80d
SHA126d25da3aabdc220f0877c190b6158c7bcb9b6d9
SHA256584f7e08ea23105e2826a5d9b1b151ae499e2c9c922121e428bf0647b51072ee
SHA512fd77ca350cccc4853ea08bed32132aded4a18406081e328fa5cb370aec63e49d71b8e7c4f1adc1f6b9bbfc5a51aff810155b960ac726247803a48d886d6a14ff
-
Filesize
40KB
-
Filesize
16.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB