Analysis
- max time kernel: 432s
- max time network: 514s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 30-06-2024 20:46
Static task: static1
Behavioral task: behavioral1
Sample: Sapphire-Plugin-11-14.html
Resource: win11-20240419-en
General
- Target: Sapphire-Plugin-11-14.html
- Size: 7KB
- MD5: c0b066adb78b2da46011ecd2da460d1c
- SHA1: 6c85ac5a9b875c150adc781c5b2d193a92f06427
- SHA256: e08231f0ba793bc9446a90a21981cf311796a7f5191517ecccbb71a8c747a6b7
- SHA512: 046df8d9876b7c9e3183fd8acd35f3c2b6efa8b0b08c7dc7f4610b4ee39a818bcc7de82dbb9562a8bb7aa5bb60f0e4a5cc8bc4c22242585eb83cd7bea8a3fd84
- SSDEEP: 96:zsuWzrmrcZWZRfjmZ/LBbPJjeIJumKF95RZjieojwXZkKZnqPbAZ5:aqbZR7m5L1Jjeeu1hkrKZVZ5
Malware Config
Extracted
- Family: redline
- Botnet: build_6.18m
- C2: 31.177.108.40:9564
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload 1 IoCs
  resource | yara_rule
  behavioral1/memory/3056-2751-0x0000000019210000-0x0000000019260000-memory.dmp | family_redline
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Modifies registry class 1 IoCs
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
- NTFS ADS 1 IoCs
  description | ioc | process
  File opened for modification | C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock.rar:Zone.Identifier | msedge.exe
- Suspicious behavior: EnumeratesProcesses 14 IoCs
  pid | process | events
  4444 | msedge.exe | 2
  2440 | msedge.exe | 2
  4412 | msedge.exe | 2
  728 | identity_helper.exe | 2
  6848 | msedge.exe | 4
  584 | msedge.exe | 2
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs
  pid | process | events
  2440 | msedge.exe | 39
- Suspicious use of AdjustPrivilegeToken 4 IoCs
  description | pid | process
  Token: SeRestorePrivilege | 2720 | 7zG.exe
  Token: 35 | 2720 | 7zG.exe
  Token: SeSecurityPrivilege | 2720 | 7zG.exe
  Token: SeSecurityPrivilege | 2720 | 7zG.exe
- Suspicious use of FindShellTrayWindow 64 IoCs
  pid | process | events
  2440 | msedge.exe | 64
- Suspicious use of SendNotifyMessage 12 IoCs
  pid | process | events
  2440 | msedge.exe | 12
- Suspicious use of SetWindowsHookEx 1 IoCs
  pid | process
  2092 | MiniSearchHost.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  description | pid | process | target process
  PID 2440 wrote to memory of 2856 | 2440 | msedge.exe | msedge.exe
  PID 2440 wrote to memory of 3016 | 2440 | msedge.exe | msedge.exe
  PID 2440 wrote to memory of 4444 | 2440 | msedge.exe | msedge.exe
  PID 2440 wrote to memory of 2612 | 2440 | msedge.exe | msedge.exe
  (64 events in total, all from PID 2440 into child msedge.exe processes 2856, 3016, 4444 and 2612; repeated rows collapsed)
Processes
(tree view; indentation shows parent/child depth, each entry gives the image path followed by the full command line)

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Sapphire-Plugin-11-14.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8b5903cb8,0x7ff8b5903cc8,0x7ff8b5903cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9764 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9988 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10360 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4900 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1724,1540865426469759846,6447853323805009221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8380 /prefetch:8
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses

- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\" -spe -an -ai#7zMap29911:180:7zEvent4889
  - Suspicious use of AdjustPrivilegeToken

- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

- C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe
  "C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe"
  - C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe" -pCUx6n0IOa8k
    - C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_2023_Easy_v0.3v.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_2023_Easy_v0.3v.exe"
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
        - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

- C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe
  "C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe"
  - C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe" -pCUx6n0IOa8k
    - C:\Users\Admin\AppData\Local\Temp\RarSFX1\Installer_2023_Easy_v0.3v.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX1\Installer_2023_Easy_v0.3v.exe"
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
        - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
          C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

- C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe
  "C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe"
  - C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe" -pCUx6n0IOa8k
    - C:\Users\Admin\AppData\Local\Temp\RarSFX2\Installer_2023_Easy_v0.3v.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX2\Installer_2023_Easy_v0.3v.exe"
-
C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe"C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock\Setup.exe"1⤵
-
C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe"C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\Installer-Install_v9.8.exe" -pCUx6n0IOa8k2⤵
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_2023_Easy_v0.3v.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Installer_2023_Easy_v0.3v.exe"3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Installer-Install_v9.8.exe
Filesize: 5.2MB
MD5: 9fcc0f75136f0e87923bda9312066598
SHA1: bafc9e955def6b8d77bffdce7050db5392b140cd
SHA256: 3e03276de8aad55ab485c57cee87ac1634f9c744bbf06acfe28ab11d80e0af43
SHA512: e5b727658853be57c85136f0c3ced7c26db1479b3482363d024c466090619a1101f54e6af67df92cf08db85051887a2389bcaca75e367faf40419d2d8a641877
-
C:\Installer-Install_v9.8.exe
Filesize: 2.6MB
MD5: 7fb8ee33045bd73407af9e64d4581ae7
SHA1: 826257de272acb17a6c3440e81d578d382445014
SHA256: 84769daa75e9e33420adfa8b633087ff9f5298736609cd1e96dd0b72f77177df
SHA512: 01822e150fde7364133d271530fbe9c54760f8927e0ebc76f2785ebf06e79af20e573537c98ceb0f0f0dc9b1dcad5451616e292b8874b2f014e935d0d0801295
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: ade01a8cdbbf61f66497f88012a684d1
SHA1: 9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f
SHA256: f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5
SHA512: fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: d0f84c55517d34a91f12cccf1d3af583
SHA1: 52bd01e6ab1037d31106f8bf6e2552617c201cea
SHA256: 9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c
SHA512: 94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
Filesize: 20KB
MD5: 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1: eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256: e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512: 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 636c707db92c092252de82a9f29366ae
SHA1: 0c44e67cba493e59d30e4f578d02f58dc17d4df6
SHA256: dc0c7426583e66983e4b23c4ecadc02965f22e6c6a342cb152b508f0ec728cd9
SHA512: 3c772652f88c1ded8ece19bf78d55848f8c48b6fe54fad0ea57324fe00b6948d4c5d04a98b0cb786119cbd1957b2dc0f147c4a2bd714b39d591ed5200b155e02
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 13KB
MD5: 74a42b1979c87564b7a6d1a3d4a59638
SHA1: 65d99df95fef602e48261870f95eb74cf6c6de40
SHA256: 624fb91bb484d5e4835b5a6971326ae3202e096921308ef495b2d546943b49b3
SHA512: c685485ad2ab7abd3e1a7aa37a9919e236b19d26a86631b1922d667c6115839d5796f6f5ba19870b43fd6edadb5b1d22a30e6e26a2aed35f43311854123de9e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 13KB
MD5: 7ce887e36038958becf36e53875a77ea
SHA1: 33c6f9dacc8160202d7b82b3ffe3ec5bc982aacb
SHA256: 5e4f5c6cd761311df34483c9b7c462937332465a662edbc7a887a9a8a76473d3
SHA512: 69c1c908c786233dea5fd23dcc55435cc814593607e9eb6a4329d2891cabbd3461969b17a6739e1b79cf9d7ccf6bca0322a4ca95f63398181cda93b9ed452825
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize: 13KB
MD5: a17b90627144579801a09083fd2195d5
SHA1: ba89849c344c8a5fa6b0c8b74a6f21d83499aba9
SHA256: b3831b6a287ca6df8d43b002f13961d02909fac67f52041feec6cf4d7a5e783c
SHA512: 399ac78b553e0546cf5f685b7981123d1597246c2dc32327a7d6ffa4f83ea6b69934b1db14009313dfeb1d96befabad828425d5ceaa559e33d163c7bbb5d12ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 16KB
MD5: b1f29a3b64e2621e36ea3809e5a75612
SHA1: c932e4bf25260bee5ebd997036a256c16190f623
SHA256: b27f6e06ec1edb8e0e6e89b775327c9b62c1f65b1dd7950c0958d575b6f57dc0
SHA512: c2eca7203c0b32b11274825329ce70c2727f104b4ae8b3d13cd006b50ef29cee31a23180e14ab2f778e4d206515d3a93053ff73359d888aaac6879aafad532c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 5KB
MD5: e51e11df049b0b3192e82d7004ccdd25
SHA1: 78f5efc89530066f6f804c2b12cea6c2062a11cc
SHA256: 93aa591d2e16faf6e92e62cf860c35497d0eb1b1f0f20cf8e7fc3514c81fa3d4
SHA512: fcdc96940714eb9dd602e21464acefbe2a72f0c25b20975cc03a582e6476d32fbbb7f7482784f0734d6ec21c2823dda42caa910529186f3cca26b7a46b0ef84b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 9efbf4c7ae8a6d6b718c4f91de4be158
SHA1: 1251e1effd4bc91958c30fd55a982a643ef8388d
SHA256: b913d4f507ceb63ee6e65d25669e4d48040e35af3cf138747fdbd3c791798da2
SHA512: da53a4252da05e72168b992b2743118b213c2a62cf911e1771f25ae42fe26d4904ffdfbf3b8af21dc5eaad640090d6e0c7d5e72ddf4f571ede8040420353ff56
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 15KB
MD5: a49231ae1d095e3a1d6dc63a2b209ea5
SHA1: bd9913a0a37124efc5f625b029ad131493a245b5
SHA256: 23ab3bef39da587c466fca696a552246f0198a1f775a6973590a93bfa7dd7d38
SHA512: 1fb4525ab00d49025c0fac6cda81588dd006600120c0d6566b93c6fd7c4c202890011c5c68aa5574ef4a6dafe015028f27d18c9f126e43c02aa63222d2cbab61
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 14KB
MD5: 6579d0d7715fed93dd6837b655921c23
SHA1: 1838da72cf3ae3433e59393f38bddbe50fd8a16e
SHA256: 3931d811955db3119e7033bdfd3c062244c950eeb28a43b4bf60ee935d0674aa
SHA512: eb711d40d8735a1ee8258ef56b4bf563d598d231477ae8bf8d9d088127887c9540f8cdc41fa8dff6289d8e8be381b5a97b792dcb8cd04326e07053a89e1539ba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 7KB
MD5: 90c8cd520810e02b1eaa619ec266ed71
SHA1: 9cea3e16ee0122e5306288a169dbed7239c25bdd
SHA256: 9c4912c7a2823460c889df387ca348a89c0c93f9d9fa8d5b264edb53aa49090a
SHA512: 4e8041085399fed33c24f3fd4377be01912083e1602a64fd4e21f3c56150a17898802a67a0b5b5553e96d753ba3e3cc1e10a01e467281d77ae08c437110dfb2d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 1KB
MD5: 30db52bb26cf6dd3cc08fc62e1ca5323
SHA1: de176d18a343b208e8a2be756169d521715665ff
SHA256: 767d5014b9a93d5755ffd80830a2d682036e0b6f2526322bfb7c5aaa2ad0f4fe
SHA512: 9000240f7ae0306dec5cdd8931d56198e50d87d9f1bcc9567ebf6f10d0d5ec2d8a79a95cf5a18cc41e3b23dc0da99cdd222303daeaef0bf59a5129cae29ec1af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 5KB
MD5: 6711f004be3637910a73b48c44e40233
SHA1: f7c145845d5ff36ba0147b6164345c6ea9936de6
SHA256: 7726e9436abf3e1b49b5baba642fc49481beeb229f8e49ccddaeaed61003b326
SHA512: 95461f4a8ae7eeaf9804d216a01d98fae31dffb8404773630ef7f09f36bb9f8a245dae2df0b4891650134f5f2414b4f9ac707aa00bc3129d64516f65f6e711ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize: 4KB
MD5: 8f697f78eee2e6e1eac15333946e422c
SHA1: 2ca2a7a27ba20d24192a11d537aa0d46ae5cfc59
SHA256: f492cf5962a628ec492a014af597bf4bf1951752e0cd73e5cf93dfd843bf1af6
SHA512: 42dcb7ccfe24b38692c13a20062ed1eb5c974ab679b6ade77590f9dd01c8225cf5333919f8a730bcc71dbd94973d40b5ea201b7fc1d8ed4585b69d14dd24cd68
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a0f3.TMP
Filesize: 1KB
MD5: 766fce2f5b55fdacc5d9b1a8b69a1945
SHA1: efe49e102e4d7fa53a3d3b36797bfcb69cd22a7b
SHA256: de62b52953871f32790d7464930b7a1edc3899b1ad8118f44de6b69179c83313
SHA512: b53b61f8f094140f5a3c410a9ff944e37773b80440c5f67625a9591e1be957673d7e75a81fa8949d839861f8a5c14b415adbc47761e357b8febd4f1972580698
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 41c712f6d044669fe7827c2966e63b5a
SHA1: b4b718352310212b6069ab935eaa4cfd147790ab
SHA256: 151ffbd3f5f2203531bbb456d1faf0aa1fe79489c3bb1e595889e36dc2b5cf84
SHA512: bb8def074c638a169a250c7a509250057bf1bd451bc595078cf5fc8b1783a9b37a3d239e7fb12263befc4277f7e9993353e982a9a08c711a13c66fd78e640875
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 93408e735728db90325a812b1f59d82a
SHA1: c555b65bf424359231f52b11c58f60ace47b2b8f
SHA256: 7ef2b1f668c8576273db34f95bc8c8607eee0fe5e60105ab9c5598d661589720
SHA512: 71a352325c0827fafd77c8d34fbfbe17258a149f87894a5b06d7e0f02c20e8f38079ff02f432a3fd508b6a1638dd6dff7ed9c6d02fc7c95e52ceb74d60f00079
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 10KB
MD5: 82e8c7c503cc1e6a2e855995eeada520
SHA1: cbdc3cc55ca5795fbfa05098bb50f152da8077c8
SHA256: 290ee69baaa32cf169fd304377d83a22fb8cf2e3830e46bd9b845175146ccc76
SHA512: 54e0f72af6100aff6f216d0267149a1432f101c62a3861952a4defbe6fc0e85392188f8abe69ee48af2506027358a0876120a33e52d521be0448305e261a753c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 6f65b8cde54e682814545a5a72054494
SHA1: e1dafab8fec899e2d7f5eff83d1ccae5a6d41f59
SHA256: aed3c5d5edb09e89bc4108280aba663a79062c79300a0d21bd51bdc71a55b685
SHA512: bb79b2f376af3bf885d9e90f85d0b4c03031dc8c81e0c2c851be8056e6a913d072745aace54466ba6ffd7324c476560f2bdd330f77ebe7521ce03187f12d2f7b
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
MD5: ee87a5df2cec41353233851e9956d539
SHA1: cdd287b4be58f5ee3464c31c9f073daad13f2eb7
SHA256: 2c25ce8141d1e6e601907a4d54f367ba7f6032c9596d24b30a245d94b719c880
SHA512: 3afe8451239bbfa4c7cd6ad4e123d8558aba43a570998ef76834dd12b8b0266a4c9dc7bf57dd9a903208a029f3a0ae54822f1ba1d29414615bdcea963b062379
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize: 10KB
MD5: 18951ad4190ed728ba23e932e0c6e0db
SHA1: fa2d16fcbc3defd07cb8f21d8ea4793a21f261f0
SHA256: 66607b009c345a8e70fc1e58ab8a13bbea0e370c8d75f16d2cce5b876a748915
SHA512: a67237089efa8615747bdc6cfe0afc977dc54cfd624a8d2e5124a441c204f1ec58ee7cfbbc105ddc2c18d4f254b9e124d71630bcdba0253d41a96890104f2fff
-
C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\MicrosoftDeploymentWindowsInstaller.dll
Filesize: 179KB
MD5: 1a5caea6734fdd07caa514c3f3fb75da
SHA1: f070ac0d91bd337d7952abd1ddf19a737b94510c
SHA256: cf06d4ed4a8baf88c82d6c9ae0efc81c469de6da8788ab35f373b350a4b4cdca
SHA512: a22dd3b7cf1c2edcf5b540f3daa482268d8038d468b8f00ca623d1c254affbbc1446e5bd42adc3d8e274be3ba776b0034e179faccd9ac8612ccd75186d1e3bf1
-
C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\MicrosoftVisualStudioDebuggerParallelresources.dll
Filesize: 127KB
MD5: 50f9f4f6e39003c629dad488895bbbb2
SHA1: ab13d5c4f6363feb18bacccb30d08481446e21be
SHA256: 0a2e73233da59f66f519ea0a4b432d9b49f2e8260e772c2cbbecb3267e4fac9b
SHA512: 6eb38e533e817532c56da0e4e0e020d18edf20f856c169afa880e6909296fdc624f602b2af65e8915667fc70fe1da7588570255dc523213067934c5d3865f587
-
C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\MicrosoftVisualStudioPlatformVSEditorresources.dll
Filesize: 122KB
MD5: 5d9a7a1896919ba4154a2236032d1f3f
SHA1: a01994a2e66a04d9dff9f8e62b21e28877b5fe63
SHA256: 30acea13c69627abb68e6a67a25527edfb3ebc7e0df543b31ad97d439c525767
SHA512: 7cd4da3d1b75a28d33944e5b319139f60828aed2ba8d0e76954ac39533546391fce7975b770e412f8fad4a1fe5b8a93085ada9e0e48308011bb97ab6a0a6eae0
-
C:\Users\Admin\AppData\Local\Temp\Installer-Install_v9.8\MicrosoftVisualStudioShellConnectedresources.dll
Filesize: 175KB
MD5: ecc5822f9b273d8e51a6f659e610ea97
SHA1: a1ac2b7c709f1d2f38abe627f736aebeb71f3732
SHA256: 7efa34499e571d52470ee4481c4714d34e27887c5f3934cab8059f1db8b6956d
SHA512: e98b1be93ff6d3c1fbd587a26a373e0d5863f9c21dbf1317f64d77397e99e9a276e34cd19446fd894ee9ca63de306713ed5cdd74ce6ddc5a8c9e9eb1782371cc
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5btfu3re.4m5.ps1
Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
C:\Users\Admin\Downloads\Boris Fx Sapphire Plug-ins 11.02 x64 OFX RePack by pooshock.rar:Zone.Identifier
Filesize: 26B
MD5: fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1: d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256: eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512: aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
\??\pipe\LOCAL\crashpad_2440_QFQIHZWPBTOPSWTN
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1592-2790-0x00000000142F0000-0x000000001481C000-memory.dmp
Filesize: 5.2MB
-
memory/1592-2789-0x0000000013BF0000-0x0000000013DB2000-memory.dmp
Filesize: 1.8MB
-
memory/3056-2788-0x000000001A340000-0x000000001A390000-memory.dmp
Filesize: 320KB
-
memory/3056-2751-0x0000000019210000-0x0000000019260000-memory.dmp
Filesize: 320KB
-
memory/3056-2755-0x00000000195E0000-0x00000000195F2000-memory.dmp
Filesize: 72KB
-
memory/3056-2754-0x00000000196C0000-0x00000000197CA000-memory.dmp
Filesize: 1.0MB
-
memory/3056-2756-0x0000000019640000-0x000000001967C000-memory.dmp
Filesize: 240KB
-
memory/3056-2753-0x000000001A3E0000-0x000000001A9F8000-memory.dmp
Filesize: 6.1MB
-
memory/6948-2702-0x0000000005910000-0x0000000005976000-memory.dmp
Filesize: 408KB
-
memory/6948-2740-0x0000000019210000-0x0000000019232000-memory.dmp
Filesize: 136KB
-
memory/6948-2711-0x0000000007230000-0x000000000724A000-memory.dmp
Filesize: 104KB
-
memory/6948-2709-0x0000000007090000-0x00000000070D6000-memory.dmp
Filesize: 280KB
-
memory/6948-2708-0x0000000005F00000-0x0000000005F4C000-memory.dmp
Filesize: 304KB
-
memory/6948-2707-0x0000000005EA0000-0x0000000005EBE000-memory.dmp
Filesize: 120KB
-
memory/6948-2696-0x0000000005200000-0x0000000005222000-memory.dmp
Filesize: 136KB
-
memory/6948-2706-0x00000000059F0000-0x0000000005D47000-memory.dmp
Filesize: 3.3MB
-
memory/6948-2727-0x0000000018F00000-0x0000000019014000-memory.dmp
Filesize: 1.1MB
-
memory/6948-2710-0x0000000007880000-0x0000000007EFA000-memory.dmp
Filesize: 6.5MB
-
memory/6948-2694-0x00000000026C0000-0x00000000026F6000-memory.dmp
Filesize: 216KB
-
memory/6948-2695-0x00000000052E0000-0x000000000590A000-memory.dmp
Filesize: 6.2MB
-
memory/7148-2688-0x0000000000EE0000-0x0000000001EE0000-memory.dmp
Filesize: 16.0MB
-
memory/7148-2692-0x000000002F1F0000-0x000000002F28C000-memory.dmp
Filesize: 624KB
-
memory/7148-2693-0x000000002F0C0000-0x000000002F126000-memory.dmp
Filesize: 408KB
-
memory/7148-2691-0x000000002ED70000-0x000000002ED7A000-memory.dmp
Filesize: 40KB
-
memory/7148-2690-0x000000002ED80000-0x000000002EE12000-memory.dmp
Filesize: 584KB
-
memory/7148-2689-0x000000002F290000-0x000000002F836000-memory.dmp
Filesize: 5.6MB