Analysis
-
max time kernel
114s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
06-07-2022 04:42
Static task
static1
Behavioral task
behavioral1
Sample
LogonFuck.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral2
Sample
LogonFuck.exe
Resource
win11-20220223-en
General
-
Target
LogonFuck.exe
-
Size
9.4MB
-
MD5
0a2b300c470403d18d20e3165e8d65b3
-
SHA1
8c11a3169e87c5d2299367efb2560100c44ddacb
-
SHA256
ed14a4d2759d943ecf24e78779da1211a9ba7a143b25f30fced6f58705a15635
-
SHA512
0a718f62cb3b4f3b656b7f831298e555c136c053ae0ffe697a7b60836c14411cead48f74aa5eb115aea09aedf5b23dfe353742bade5eb872144c5b54fc278d1b
Malware Config
Signatures
-
Disables RegEdit via registry modification 1 IoCs
Processes:
LogonFuck.exedescription ioc process Set value (int) \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" LogonFuck.exe -
Disables Task Manager via registry modification
-
Executes dropped EXE 1 IoCs
Processes:
LogonUI.exepid process 5600 LogonUI.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
LogonFuck.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Control Panel\International\Geo\Nation LogonFuck.exe -
Modifies file permissions 1 TTPs 1 IoCs
-
Adds Run key to start application 2 TTPs 6 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe -
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 266 api.ipify.org 269 api.ipify.org -
Drops file in System32 directory 1 IoCs
Processes:
LogonFuck.exedescription ioc process File opened for modification C:\Windows\System32\LogonUI.exe LogonFuck.exe -
Drops file in Program Files directory 2 IoCs
Processes:
setup.exedescription ioc process File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\65b9e47f-1cc3-4198-a288-530d74cad20a.tmp setup.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220706064249.pma setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 18 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Suspicious behavior: EnumeratesProcesses 36 IoCs
Processes:
LogonFuck.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeLogonUI.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exepid process 832 LogonFuck.exe 3456 msedge.exe 3456 msedge.exe 3620 msedge.exe 3620 msedge.exe 1556 identity_helper.exe 1556 identity_helper.exe 4660 msedge.exe 4660 msedge.exe 4268 msedge.exe 4268 msedge.exe 1004 identity_helper.exe 1004 identity_helper.exe 4332 msedge.exe 4332 msedge.exe 3572 msedge.exe 3572 msedge.exe 380 msedge.exe 380 msedge.exe 4748 msedge.exe 4748 msedge.exe 5600 LogonUI.exe 5600 LogonUI.exe 5600 LogonUI.exe 5712 identity_helper.exe 5712 identity_helper.exe 4932 msedge.exe 4932 msedge.exe 5608 msedge.exe 5608 msedge.exe 2612 msedge.exe 2612 msedge.exe 3200 msedge.exe 3200 msedge.exe 5452 identity_helper.exe 5452 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exepid process 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 5608 msedge.exe 5608 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe 3200 msedge.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
LogonFuck.exetakeown.exeAUDIODG.EXELogonUI.exedescription pid process Token: SeDebugPrivilege 832 LogonFuck.exe Token: SeDebugPrivilege 832 LogonFuck.exe Token: SeTakeOwnershipPrivilege 4500 takeown.exe Token: 33 4628 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 4628 AUDIODG.EXE Token: SeDebugPrivilege 5600 LogonUI.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exepid process 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 3620 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe -
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exepid process 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 4268 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 3572 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 4748 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe 5608 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
LogonFuck.exemsedge.exedescription pid process target process PID 832 wrote to memory of 4500 832 LogonFuck.exe takeown.exe PID 832 wrote to memory of 4500 832 LogonFuck.exe takeown.exe PID 832 wrote to memory of 3620 832 LogonFuck.exe msedge.exe PID 832 wrote to memory of 3620 832 LogonFuck.exe msedge.exe PID 3620 wrote to memory of 3848 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3848 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3120 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3456 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 3456 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe PID 3620 wrote to memory of 5012 3620 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\LogonFuck.exe"C:\Users\Admin\AppData\Local\Temp\LogonFuck.exe"1⤵
- Disables RegEdit via registry modification
- Checks computer location settings
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\takeown.exe"C:\Windows\System32\takeown.exe" /f C:\Windows\System32\LogonUI.exe2⤵
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kaspersky.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings3⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff610c75460,0x7ff610c75470,0x7ff610c754804⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,13297384760638955420,6186883987605905427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.norton.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5196 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11891565094269337929,7363114157966847141,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avg.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2484 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3884 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,17875333213445844681,15491265209809985404,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3976 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5900 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12304340261850534217,12968668543229754062,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avira.com/2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mcafee.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,2228222613166814845,4385668800362440313,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4724 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bitdefender.com/2⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8650546f8,0x7ff865054708,0x7ff8650547183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6240 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,14240358553345250054,14956466765501652287,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:13⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e0 0x4741⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3965055 /state1:0x41c64e6d1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5f0e3ac67c976d7fac8c950488be02c3b
SHA1ba07b838c3298d77e077dbb37619611cd5e5a5e9
SHA25634ed3321d7819cf644722104ac595ad8b5d54c7d11989da017f4dec6b8efc4a1
SHA5126718c3465f79747fe7ab39cbb13bdea8a5fca830cf5a91893f0f5eff39f378e058f167a291b0fc26e75d35c6325d8fd4f0432aab78b3724435ba1f4f8f700100
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD583b84853e00e88f71d3f54dc9b05f9cd
SHA1fcb845997eff58cbd6099a99c2cd86af32a12ae4
SHA256f94941d968a0af4a6e1c305859ac12000f710906010767be6603f176ade08838
SHA512b489af04c51b40c050ab3527112c376e53a73824560cadd052bc03d1fc2475991b309ea9cd91d317cc2369138d89d5a41f21044fa5a453c242c866b9134ac986
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1Filesize
264KB
MD5aac0caf278d2f8c8c494729c202387fa
SHA11c0c8ebe611a6b9541a15d7ad8581b02d44a9f07
SHA2568448392002ea576eb1cee0edd00a3054e10a7a8d50d1905cd82c90f87059c550
SHA512b0f1386b0b8bace08044a470cdbdbecc95f2a8aac691e0fd850344404b31579b587c54c1271019af8b47c35505b906eaece011ffdcd20794c461454a679ec1d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2Filesize
1.0MB
MD5b1c956844ab11eaa48908c90cba414ce
SHA1da16f91167ae25720a09566488bdfe019a612fa0
SHA256ef7162a46eea7305ca2f706a368f650e4e96a8db00980a86c3ee28519c8496df
SHA512e18531ea356db28f79b0c1ac9d9d65c73f7b600835cb67b9c3ab1456c6c8d437f26a8e71f48d1576934394d1fc8560fa2cac40f69e54780172d496f46f095872
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3Filesize
4.0MB
MD588227194cb3835a49a329585701cdc31
SHA15dcbf7fc0ed087eb6d455e66102cba1fb254ae40
SHA256cadad7f09242dc9d56a713cffbd229881ce6315d225a141c2c50406289a6d11e
SHA5123e0751aebb6861322e71af13ebb5291ac523b6ed4041231e2cdeb4380db632e23ca990d54bb45079314323ab1c0db437281838b883a6821856c58044b8fc3ce1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\indexFilesize
256KB
MD5b4cc0a3b88af0eeaffc7b6fb0f3fbeec
SHA1f68f7fddd62bd96a7a8d9ae2e3afb47be79a6f96
SHA256aebbb0c69c1f99e7e87368508cf5786211fddf5da974c74dd8bdf4de061d5d8e
SHA5127321a2149e425e3d32662b8c342fa69f21c8d2b06d49b23866548b164b393682c754eca21a92e1b86e8295423493fae04a994e61f2df871fd981b0a1ca24ae55
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
792B
MD5002f24d30e3bbce1e9659c9bc21e9973
SHA197fd48e39078f8ea16ca51bafd09cf33ef0072f5
SHA256887c2144b9fcb946f1886c813265f71f028e3fe7df804f63cad7fe96e395e558
SHA512e96c192023f1db6e3af112c9b1b8f0ef141173ed45169f5cb3aea1e751135291f0dc29701d4288f1c60384025e68b42594a66689af44143a7b370e96f88d62f7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-indexFilesize
48B
MD54129cb4251ed17ed2daaf7a2c92dc6b6
SHA1de58b81703c3afce96b8a13dcd76b4806a050e6d
SHA256585c016f92b890dabe73e77c00841bc46352e0c1f89d151a47502f69ee9697c9
SHA512fac10f96b90434a087c3f2c6b0eb53db9ce303d8d8866f130c0ec5fc971d9e904b6ab65fe36f153c8bf82d12a48259f956b2a31f384fd608bdc35a5d6ecf0cd0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD58552bb74f9de6cf4358d9a7d626471d5
SHA1f987732a6ff6b13d5058a48bf70876496728f3f8
SHA2561b0f97768e886b5f7ad586d8c9e937565964592928da19bbe6866c481e5558bd
SHA5126f445ff1a7064fd566789fb400bcdb32114456c83aac6fa7faf13c0ef350485cfcb56dc31a3cbb98fa258fb8cf09a2f237316f0f30a0f09b92f27df9072b3561
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\FaviconsFilesize
20KB
MD5e991f1d0986559c11f082565921dc226
SHA1f2c5791a2250708187c2f7096125c9ebb013dd71
SHA256aeb613d7c8e10bd024f337034e83d7885797c860df7497a4db1af36e227ea5e5
SHA5128e99c252e1ba5599d82ea3a74ed946c9192c6e016646748005558166b22c7d17601867ee5ef2dd46687a0ea1eaf3ed2a163733b321801abf6d65e98d16b201fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\indexFilesize
256KB
MD5ae6e0660dfafd15cb9dc0480fceddff3
SHA12d961c17d76f59b8a00dfb11badde7a24818c454
SHA256caf52013681663d770a92bc0a2f11be74b54dbc8d6c28cd662620604f050b35c
SHA512dea88ddce98aa6421031c0d23fa8cae179f5eae0cbfc9e6a040b198c032fd516873f0237ad85cb1e4a850b31e1ca83dcabbee7c629ee06d2b846711fcde36073
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD5be6080ca85e2e3af5a7871e706e2c031
SHA1dc5b45c515cb3dedc660ab738cde314270eb1843
SHA256750ced3a422bb60ff495a51acbd16e43920f39cdd9d216f755089b90f71e6506
SHA512b64363b13ea1c18632784fdfc630b0bb74943dcf498eb06494a83ef039b87b9c3c8e5ead02f287b1c75949b9e02146354a753ca218b94f78ceb1291a4dcc51ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
1KB
MD54f5b900f5aa2552c1117f9bc69f6f301
SHA16345c972c058bd8f1173551d7a5490250aca606b
SHA256a2fd80fd37bc1bf64db28160294360455342af9131630e5a02ae9932810deefb
SHA512553fb48b8af0699e37c8c5c774b37ac3e21f055731ae789657b2d75820e006c110fe1a99bfab6bd247d952d529b7b6b68081c73a386326c4698f0375e85dba4d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.logFilesize
836B
MD531947dde5ea933721850868a2d696c83
SHA12200667aa28c3156194f618ba27fa3a0a1f2de3c
SHA25656fa76a672e8663df81ac41df5c67f90e6854952430e8360652041e3f2db95ce
SHA512f959b8598d40040d751b5a7fcc406ba46cb84a2150300e1a5946ce879e23db832b41b90bfe2f3c0671af8c8be4b153d5881e76cadf22bb43f786a27f923311e8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD558f812220540cb4d7a487cff092db9b9
SHA1ff7b9e19e05ffaa4e4314a12acf22f55745a97a0
SHA25659b894eab0bb7f04afe27704eae3cea28237dee408b146ddf9ea08b311e15beb
SHA512da2cfdc85f17e2072d868bfa2236373f48440b9f81bf6c7ccf02bf16340e2dda44047e5757c04462de52ae0b22b972775228b7d13192e24690c6a67d4d55f8ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD528fc000ad8c11e5ca8639a6e349b807d
SHA1277cbc7a189034dc48ce12cdf554fef9ed759c6e
SHA256e704b4236aa169c5feb62ee16646fb7eeb04da7529f60ac5a12ffe943c2f937f
SHA512e0d01c2689d3cdf995f7524156e6096700f9538f5556e52c3cd0d68f4426098616e47e3386db33b5fd4afeb654d1cf2def2fd68ed9dd931ede84c374a33884b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD58741731c92531402bb0d53a1b718cf8a
SHA1620ae6811c5907cb494e79db2fd81c15aa2341e6
SHA256e188aed486801738c34cc8804b5a6c0a4b3176bb6a2407b68a8500e983533fea
SHA51288df8cc765e4ded89a64756148f4b60d32ba0ac430789598550d0e3625e1917d520f87459f3b14fe6ffa224ea8ec377991790bef3b1dac19e22053ba67d96f7e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
421B
MD5830fb774052064e9eb85cf68ca0de821
SHA167d3b683f729d5c45a2817ef37aded79ebce9ca4
SHA2561347f5b8d3b49fcaf46f8b8de24b7807950d6376b9030945e7ebb221470ee43f
SHA5123a7fdeba80cb1e7fa1de67d31ed9e46fbbb0ae6b4a145e6777402bb87aaa6baf9841ea185d5a5109429970e025a9bb5ce2623091d488899cf78978c805e09560
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
281B
MD5bc2d5c73fd20e4974ead7981298a33fa
SHA15bdca94cb80989f5b6b08ad3bbfd97cabb235e18
SHA256fc78436e18588e1b89becb8a33ba410097351233df4f8cbba357beb5f295cec5
SHA512ceaddf665eded9acbdbb47280edbebe3dc5c33e486da4a2f54497dd76fcfe76d5d7c369a6a2159aab8fc8828c2dd00d176baafeca15a17d4ec858d71a13c152b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13301563369853997Filesize
2KB
MD5fc8c29f297095a381108b1156334508d
SHA15163cc89721f2d3a96b236628e45bc58aa4341b5
SHA256ac3dbb630b090cc8a93094787761a47b0b8d307a0d20e493e226e3072d772494
SHA512e06173eabe8a4765c0712095f182b72b13a58eb56fe18e423b76ec845bb4d7d5587e5818ea8c942e74cf6bfe33fe91171e4a2713c406f0500629c951ccc0da8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
112B
MD5d6d3665711151bba623d55b9030fbe4c
SHA1bfd9d5b0934562731d8a76bc5558e532548835bf
SHA2567ce6ccccb720c1582828669fe97563117678a201822e1d5a2a8f37b20d4d1a81
SHA512e927754f5e3a0205d5c78c9b56c9a30658dd7351dfa7086468b96098e4691598b82605d170465de841b22bb4f26a30cd187faad7b90c3a47721251f4f5149ed2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD5018c17ae3bc76dc4fdc90bba9716f595
SHA187eb1f6dc2c029c4eda2911402e63e3397bfca16
SHA2567cd77b2c09efc0b731e28ca1a87191207aa13a0b1512fe8c94abb2ae3b0c413d
SHA512229326f05ef9c16fffd8c61a1ac34016170e36726af4300744304ad30dd924700f9cf2e0e35a150e6367bec105678938460cf0ed18b82240b4b875805f4dba76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5f7f187d530f28d21dc3eafb9031630d8
SHA160dde4496b5aade8252ee098c432c59396a2d22a
SHA256065805c45983629d5be0fecda20b6ebcf94a08f3e48282b3888cdae81664d10c
SHA5120de73e6fd4e362218c4784b4ef40bd6fbf98a58f042b0771aeccc47e4a6dfdfcd3c25255ff37e6e5fcae9035b47391dd647f9ac04a259514128d1ea9807557d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top SitesFilesize
20KB
MD5f44dc73f9788d3313e3e25140002587c
SHA15aec4edc356bc673cba64ff31148b934a41d44c4
SHA2562002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD5bda6d5792da43cf8296158eff644773f
SHA1c80ba75598bf0b557b2687964ba4e4ce8408e468
SHA256d05d67f11b8e95ffe5b5a00a33815f96fe2b1d3f17e6210cbb04d30c01068527
SHA512cafa687c7b66944786fe1116cf3a7acce78d62dcca444a8307712f47b9f30db278582d2acea199ea0c8091292dd70b090fb0a7a983f0c8111274e3696e1ccbfb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
116KB
MD5f70aa3fa04f0536280f872ad17973c3d
SHA150a7b889329a92de1b272d0ecf5fce87395d3123
SHA2568d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA51230675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
52KB
MD5827979276cb7ba1963834979a5675bf2
SHA1effe7a1e2aa5acf1b0dbf82ed54bf66ff25ec14e
SHA256529fc752d36d93f68098edb88e61919600681e1dda58c25a31d27e1c51099753
SHA512d3858c702fab10493a0d160c73eaf2084f114b2234c08afd4008c2b70210f2cb144cdf2d36abeee766dd21b5bd6fc9b077a47b91710cf44d583927f026d01da0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
281B
MD544871b13332ee63682fe8c8b1bae1501
SHA1369771181b933babfe43717e81beeebeb5639555
SHA25682e947ef0bcbdf002a2f58e89402b5945bcee4f466857db135f07cdbdb50b562
SHA5126a78ceb0a5e9f2257d55305209101624d44dbbe738326a759d3b11f8111e070965062b18c93bf0f1591aa25096278d7e83203362b550bbf1c1b8b7473be026ba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
160B
MD52e19a9040ed4a0c3ed82996607736b8f
SHA15a78ac2b74f385a12b019c420a681fd13e7b6013
SHA2562eeb6d38d7aad1dc32e24d3ffd6438698c16a13efd1463d281c46b8af861a8ce
SHA51286669994386b800888d4e3acb28ab36296594803824d78e095eb0c79642224f24aca5d2892596ac33b7a01b857367ed3a5e2c2fb3405f69a64eb8bf52c26753f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
299B
MD5f80fe4a15e6d43c46cb0c1eba98f3abc
SHA106134d26c7f4fa7ccfb1f71d5f046456ec80d285
SHA2563b75acbb1d3fe64f6b13cb4fab06a94fedb1247c5c44a5bd1d1a53967aa0fe58
SHA512308892c66c53ae1d4c5db556664c835a9bedf97dcde17229235e7b123750b2fa773910f336fed6a6decc51ddae3e7fe8f0a14eb50b00e591eb56e39392e16ef9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD5c9c5278bbf15f9d6a6e264af8f9540e5
SHA178aefd74681529c7ee4f10e29d95f0b5e4e1e871
SHA256e5460c6db6df1417d6d1afed8b83648f5ccff785ea21b80dc0c1fe5acf12f2f0
SHA512b571d08fcedb3c948c7888a9e8726aa37258c523bc1feb8546295f0466b2f338a26d656799808243a01fd18d7b75ada4aa863bcd8c69144ed7199df404a3f2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettingsFilesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1Filesize
126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUrisFilesize
40B
MD5bf67d81377514292e544064f4855dbf6
SHA11341767193b2201c8fdb39d55d7a013097017153
SHA2562fdbd0be0263e795b865437aba9d2053d01b97026e46e2ea4ab2fe94a928b134
SHA512e9b6626765006bbd1ffcd51f40f6be987bb9bab4feace949e5d54f9f870dc84123a4c58dd9c4cc8d8490365e1dd8fd874245c0c26024360d0e213d239fe036dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_637926750776941557Filesize
460B
MD53397a6b931ef8459d222b4c78d3c6d44
SHA1bd5493a620271795734e854912b38028a386aea6
SHA256acc641dbe6e66540d65c902564dac50942c3a5b202629738c94ec478914a541d
SHA5122935be1c7d94aabb40f447109fdd7fe5c4e18fe66bcb05b3259edc784ab57e33eaa260f156d915496381f367176476451194253e91d7020a8c57e3fb83e1c933
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTrafficFilesize
29B
MD5ce545b52b20b2f56ffb26d2ca2ed4491
SHA1ebe904c20bb43891db4560f458e66663826aa885
SHA256e9d5684e543b573010f8b55b11bf571caf0a225cdea03f520091525978023899
SHA5121ea06c8e3f03efdd67779969b4cdf7d8e08f8327298668a7cffd67d1753f33cf19e6995a3d83fe45185c55b950f41e48ac71b422b91e8d0180b5bdd07cfacfe9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_637811103879324684Filesize
450KB
MD5a7aab197b91381bcdec092e1910a3d62
SHA135794f2d2df163223391a2b21e1610f14f46a78f
SHA2566337fe4e6e7464e319dfcdadf472987592013cf80d44916f5151950b4a4ca14b
SHA512cffd7350d1e69ada5f64cafe42a9d77e3192927e129f2903088b66b6efc9626b5d525aedca08d473ad8fa415af1d816594b243609237dc23716d70a2ca0eb774
-
\??\pipe\LOCAL\crashpad_3620_JJNEFBAOYTLJJDUYMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4268_LCTOTVXUIUQCQTEAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/380-253-0x0000000000000000-mapping.dmp
-
memory/696-197-0x0000000000000000-mapping.dmp
-
memory/756-257-0x0000000000000000-mapping.dmp
-
memory/832-130-0x00000227EE670000-0x00000227EEFE4000-memory.dmpFilesize
9.5MB
-
memory/832-131-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmpFilesize
10.8MB
-
memory/832-141-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmpFilesize
10.8MB
-
memory/1004-227-0x0000000000000000-mapping.dmp
-
memory/1500-162-0x0000000000000000-mapping.dmp
-
memory/1556-160-0x0000000000000000-mapping.dmp
-
memory/1652-259-0x0000000000000000-mapping.dmp
-
memory/1896-265-0x0000000000000000-mapping.dmp
-
memory/2092-226-0x0000000000000000-mapping.dmp
-
memory/2144-250-0x0000000000000000-mapping.dmp
-
memory/2216-155-0x0000000000000000-mapping.dmp
-
memory/2260-224-0x0000000000000000-mapping.dmp
-
memory/2344-261-0x0000000000000000-mapping.dmp
-
memory/2376-157-0x0000000000000000-mapping.dmp
-
memory/2740-143-0x0000000000000000-mapping.dmp
-
memory/3120-136-0x0000000000000000-mapping.dmp
-
memory/3160-255-0x0000000000000000-mapping.dmp
-
memory/3256-238-0x0000000000000000-mapping.dmp
-
memory/3320-235-0x0000000000000000-mapping.dmp
-
memory/3376-147-0x0000000000000000-mapping.dmp
-
memory/3456-137-0x0000000000000000-mapping.dmp
-
memory/3480-229-0x0000000000000000-mapping.dmp
-
memory/3572-232-0x0000000000000000-mapping.dmp
-
memory/3620-133-0x0000000000000000-mapping.dmp
-
memory/3680-240-0x0000000000000000-mapping.dmp
-
memory/3744-248-0x0000000000000000-mapping.dmp
-
memory/3848-134-0x0000000000000000-mapping.dmp
-
memory/3984-209-0x0000000000000000-mapping.dmp
-
memory/4156-244-0x0000000000000000-mapping.dmp
-
memory/4224-145-0x0000000000000000-mapping.dmp
-
memory/4268-161-0x0000000000000000-mapping.dmp
-
memory/4272-246-0x0000000000000000-mapping.dmp
-
memory/4288-263-0x0000000000000000-mapping.dmp
-
memory/4324-159-0x0000000000000000-mapping.dmp
-
memory/4332-236-0x0000000000000000-mapping.dmp
-
memory/4420-242-0x0000000000000000-mapping.dmp
-
memory/4500-132-0x0000000000000000-mapping.dmp
-
memory/4512-222-0x0000000000000000-mapping.dmp
-
memory/4552-153-0x0000000000000000-mapping.dmp
-
memory/4604-176-0x0000000000000000-mapping.dmp
-
memory/4608-149-0x0000000000000000-mapping.dmp
-
memory/4660-184-0x0000000000000000-mapping.dmp
-
memory/4748-249-0x0000000000000000-mapping.dmp
-
memory/4788-231-0x0000000000000000-mapping.dmp
-
memory/4812-252-0x0000000000000000-mapping.dmp
-
memory/4824-151-0x0000000000000000-mapping.dmp
-
memory/4920-158-0x0000000000000000-mapping.dmp
-
memory/4932-287-0x0000000000000000-mapping.dmp
-
memory/5012-139-0x0000000000000000-mapping.dmp
-
memory/5036-233-0x0000000000000000-mapping.dmp
-
memory/5340-267-0x0000000000000000-mapping.dmp
-
memory/5548-286-0x0000000000000000-mapping.dmp
-
memory/5600-268-0x000001C19FA60000-0x000001C19FA6A000-memory.dmpFilesize
40KB
-
memory/5600-271-0x00007FF86A310000-0x00007FF86ADD1000-memory.dmpFilesize
10.8MB
-
memory/5608-283-0x0000000000000000-mapping.dmp
-
memory/5644-270-0x0000000000000000-mapping.dmp
-
memory/5696-284-0x0000000000000000-mapping.dmp
-
memory/5712-272-0x0000000000000000-mapping.dmp
-
memory/5792-274-0x0000000000000000-mapping.dmp
-
memory/5808-276-0x0000000000000000-mapping.dmp
-
memory/6004-277-0x0000000000000000-mapping.dmp
-
memory/6024-289-0x0000000000000000-mapping.dmp
-
memory/6032-278-0x0000000000000000-mapping.dmp
-
memory/6092-280-0x0000000000000000-mapping.dmp
-
memory/6116-282-0x0000000000000000-mapping.dmp
-
memory/6136-291-0x0000000000000000-mapping.dmp