a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a

Analysis

max time kernel
152s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe
Size

15KB
MD5

a2b842c5c6d1ab23be81e1bc8de29432
SHA1

7f96001f7f438dedc6bc35080e05b357b021ed00
SHA256

a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a
SHA512

0ebd977425508de92015c6661610799abb53d771c3e152940ea1db43c51d8089a445f29e76d1da502665dc79821cf5ee4101a5ce219c2d7114282c8122ed7316
SSDEEP

384:P+ix5OlEI4aAGodgXpvVtaNJawcudoD7UkJ6gWmE1qb:Wix5zaAGoduGnbcuyD7UmV9

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2252	AF50.tmp

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4768-132-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral2/memory/4768-137-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	AF50.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	notepad.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1276	msedge.exe
1276	msedge.exe
1456	msedge.exe
1456	msedge.exe
3976	msedge.exe
3976	msedge.exe
4632	msedge.exe
4632	msedge.exe
1292	msedge.exe
1292	msedge.exe
2208	msedge.exe
2208	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe
3384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe
2208	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3944	shutdown.exe
Token: SeRemoteShutdownPrivilege	3944	shutdown.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
216	notepad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4768 wrote to memory of 2252	4768	a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe	78
PID 4768 wrote to memory of 2252	4768	a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe	78
PID 4768 wrote to memory of 2252	4768	a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe	78
PID 2252 wrote to memory of 5060	2252	AF50.tmp	79
PID 2252 wrote to memory of 5060	2252	AF50.tmp	79
PID 2252 wrote to memory of 5060	2252	AF50.tmp	79
PID 5060 wrote to memory of 4604	5060	cmd.exe	81
PID 5060 wrote to memory of 4604	5060	cmd.exe	81
PID 5060 wrote to memory of 4604	5060	cmd.exe	81
PID 5060 wrote to memory of 3344	5060	cmd.exe	82
PID 5060 wrote to memory of 3344	5060	cmd.exe	82
PID 5060 wrote to memory of 3944	5060	cmd.exe	84
PID 5060 wrote to memory of 3944	5060	cmd.exe	84
PID 5060 wrote to memory of 3944	5060	cmd.exe	84
PID 3344 wrote to memory of 4688	3344	msedge.exe	85
PID 3344 wrote to memory of 4688	3344	msedge.exe	85
PID 5060 wrote to memory of 2208	5060	cmd.exe	87
PID 5060 wrote to memory of 2208	5060	cmd.exe	87
PID 2208 wrote to memory of 1696	2208	msedge.exe	88
PID 2208 wrote to memory of 1696	2208	msedge.exe	88
PID 5060 wrote to memory of 4336	5060	cmd.exe	89
PID 5060 wrote to memory of 4336	5060	cmd.exe	89
PID 4336 wrote to memory of 1320	4336	msedge.exe	90
PID 4336 wrote to memory of 1320	4336	msedge.exe	90
PID 5060 wrote to memory of 4640	5060	cmd.exe	91
PID 5060 wrote to memory of 4640	5060	cmd.exe	91
PID 4640 wrote to memory of 3520	4640	msedge.exe	92
PID 4640 wrote to memory of 3520	4640	msedge.exe	92
PID 5060 wrote to memory of 740	5060	cmd.exe	93
PID 5060 wrote to memory of 740	5060	cmd.exe	93
PID 740 wrote to memory of 5064	740	msedge.exe	94
PID 740 wrote to memory of 5064	740	msedge.exe	94
PID 5060 wrote to memory of 4796	5060	cmd.exe	95
PID 5060 wrote to memory of 4796	5060	cmd.exe	95
PID 4796 wrote to memory of 1876	4796	msedge.exe	96
PID 4796 wrote to memory of 1876	4796	msedge.exe	96
PID 5060 wrote to memory of 216	5060	cmd.exe	97
PID 5060 wrote to memory of 216	5060	cmd.exe	97
PID 5060 wrote to memory of 216	5060	cmd.exe	97
PID 216 wrote to memory of 4144	216	notepad.exe	101
PID 216 wrote to memory of 4144	216	notepad.exe	101
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107
PID 3344 wrote to memory of 2716	3344	msedge.exe	107

C:\Users\Admin\AppData\Local\Temp\a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe
"C:\Users\Admin\AppData\Local\Temp\a4be6fb577700498400f05f7a7b82a9f59e56dfdead09ce8a096f4f15216500a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Users\Admin\AppData\Local\Temp\AF50.tmp
  C:\Users\Admin\AppData\Local\Temp\AF50.tmp C:\Users\Admin\AppData\Local\Temp
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpfile0.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:5060
  - - C:\Windows\SysWOW64\rundll32.exe
      Rundll32 user32,SwapMouseButton
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:4688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5547615302145834446,18019772164123329606,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
        5⤵
        
        PID:2716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5547615302145834446,18019772164123329606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1456
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown -s -t 110 -c "HAHAHAHAHAHA!! Admin your computer has been fucked by killerkyle113"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:2208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:1696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        5⤵
        
        PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1292
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
        5⤵
        
        PID:4788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
        5⤵
        
        PID:3400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
        5⤵
        
        PID:5824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
        5⤵
        
        PID:5236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
        5⤵
        
        PID:1156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
        5⤵
        
        PID:5384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
        5⤵
        
        PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
        5⤵
        
        PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6012 /prefetch:8
        5⤵
        
        PID:5352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
        5⤵
        
        PID:6080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
        5⤵
        
        PID:6116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5848 /prefetch:8
        5⤵
        
        PID:1484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        
        PID:4632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
        5⤵
        
        PID:5956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
        5⤵
        
        PID:3488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
        5⤵
        
        PID:3540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
        5⤵
        
        PID:4316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
        5⤵
        
        PID:636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
        5⤵
        
        PID:5560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8472 /prefetch:1
        5⤵
        
        PID:4944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
        5⤵
        
        PID:2288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10108020335973306352,9683713946711053613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9856 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:1320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15045689646559028388,14678411527420351991,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        5⤵
        
        PID:4600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15045689646559028388,14678411527420351991,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xf8,0x104,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:3520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6582512591567500517,4399281536907523430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        5⤵
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6582512591567500517,4399281536907523430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:5064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,941661909383367470,403374148068697859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,941661909383367470,403374148068697859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://meatspin.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffe03b46f8,0x7fffe03b4708,0x7fffe03b4718
        5⤵
        
        PID:1876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1947629626988631955,3889479104958399327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:3892
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1947629626988631955,3889479104958399327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        
        PID:4216
  - - C:\Windows\SysWOW64\notepad.exe
      NOTEPAD /P ok.txt
      4⤵
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:216
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:4144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5264

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3980855 /state1:0x41c64e6d
1⤵
PID:2024

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
c756e30b0066f716909ec27312b9e757

SHA1
7c15569ad439c13d4b374062cbe220b30b161de5

SHA256
074a6d5b2b595902dda38502fc1d045644bcb5f01d026d1e4ee93e5897d4a05c

SHA512
ab6e122179f5183ca4d08c905644fef7d43886bd38c6ef2d6792f5d2a4eb1e473bec6d1a2ce8c493ff7c1cdff24019dec09537aad34a77fa7514eb0ecb32a808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
c756e30b0066f716909ec27312b9e757

SHA1
7c15569ad439c13d4b374062cbe220b30b161de5

SHA256
074a6d5b2b595902dda38502fc1d045644bcb5f01d026d1e4ee93e5897d4a05c

SHA512
ab6e122179f5183ca4d08c905644fef7d43886bd38c6ef2d6792f5d2a4eb1e473bec6d1a2ce8c493ff7c1cdff24019dec09537aad34a77fa7514eb0ecb32a808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
c756e30b0066f716909ec27312b9e757

SHA1
7c15569ad439c13d4b374062cbe220b30b161de5

SHA256
074a6d5b2b595902dda38502fc1d045644bcb5f01d026d1e4ee93e5897d4a05c

SHA512
ab6e122179f5183ca4d08c905644fef7d43886bd38c6ef2d6792f5d2a4eb1e473bec6d1a2ce8c493ff7c1cdff24019dec09537aad34a77fa7514eb0ecb32a808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
c756e30b0066f716909ec27312b9e757

SHA1
7c15569ad439c13d4b374062cbe220b30b161de5

SHA256
074a6d5b2b595902dda38502fc1d045644bcb5f01d026d1e4ee93e5897d4a05c

SHA512
ab6e122179f5183ca4d08c905644fef7d43886bd38c6ef2d6792f5d2a4eb1e473bec6d1a2ce8c493ff7c1cdff24019dec09537aad34a77fa7514eb0ecb32a808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
c756e30b0066f716909ec27312b9e757

SHA1
7c15569ad439c13d4b374062cbe220b30b161de5

SHA256
074a6d5b2b595902dda38502fc1d045644bcb5f01d026d1e4ee93e5897d4a05c

SHA512
ab6e122179f5183ca4d08c905644fef7d43886bd38c6ef2d6792f5d2a4eb1e473bec6d1a2ce8c493ff7c1cdff24019dec09537aad34a77fa7514eb0ecb32a808

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
c05c55c6ba64a2c2da21bd816df563c7

SHA1
197c70fe778cf5b148bc81567fe10f4318409422

SHA256
c412f5280b71d8bef14260190be4891bdc7b7ca6df6afc18f7ba6bf30dd469f3

SHA512
6ae94a339c9a676b64e4d48dddb579d948ae0925bfde5bb6d4cea503962b20d3b06ca28d1a01064b102e585968385285601095171b7e0b574b990da4e10b88d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
589a44733ba22c3b8c8b34a999344579

SHA1
6f9df3ef040c1af1bef43a7946b52a38f313f2df

SHA256
1b30f972af4744d266e002c9c215c3b862a91580c5ee1bf7b6dcb90712053911

SHA512
444a175a82b22299f01939c6b503da78232c022f78748ca2b2fa509d596ad0e8701cdf5304f094e6fdc11ab1cdf9977a279f7f20bf3b8dcec58e62f565f44850

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
412B

MD5
3c658ded7d184d23b52638eeb8640b11

SHA1
494f9e628dd1885afbc2c13a8148ff0c0e02616b

SHA256
be2d73f9f4486acca15f0bc5b48ee6a94fce837a2be147d10f6af2e22b8e6718

SHA512
6eacdb6ed8219a9089416514058aa22d43b9aec69429095e53ccad224ceb24324d8227b9a16e82caf4d96251a43f63ad4c414e674bcc8902bce7736eac621187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8ff59034b74ef0b2121655d8540e70d8

SHA1
db682088e2761aa8e58fa80b88fa1424428396c2

SHA256
44bf3d7b711e47cf9c1d6965bd361cd9dede5c0d6bf7c21827864dce6d1138eb

SHA512
1dcb4537504bdfe5a87bbca86e0e47be7e69ca2cb4fcb62d755baf46e006dff6af97ef9dc0e88f56b24f63cd139959c806205b11e7f47ab05db80736ed4efa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
95c1e1e4122ff5b1a1d161826e889798

SHA1
08a95f179bc72b08d24712b8ce6b44f8f5666a2a

SHA256
1d00e18a97b31ed51f83a590740f3cc082632124a7950aa9393c6a6c11d781ef

SHA512
c675bae3e3fdbe6861351c7de7aa866922746c3e19a291b3e16544524eff9f906cb7ae563f2fc0e20065d0984c4a86125a098abcb08426f725e8c9b76e7353ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
509e7c92966832190991f3debb80d279

SHA1
cbf24a57b592c4aad91780ba7cd92dd67a64cd24

SHA256
7f83d501239d9ae9ed612cef5f77459a3ec231da90a1a114baa1719c4378636d

SHA512
285b6f2a0018b550e920f10c91c09f003b10aa37294bdf11a0cd73d6d24b2bb72103f8d5334fb50b7d3fa1041a53a66b26140c62654b4894fb9a3de16a141be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9569e69f74316afbd46915f42b06a0f2

SHA1
9a8bc4ecce38f51f16f3af3185442071aff1e29e

SHA256
060f9c74ebae1c41207e023089007af3e8fe2ebccfc1d9bb16fc572afa7cc27b

SHA512
1ffd7a28a1a5f4214f0ba5d27defd0c96759aa45114d481aa9da11649c35b4950b40bd967b0b5d3f2b3010feaebe99201f6f232e0cf23e06158ca1ce23ac64af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
509e7c92966832190991f3debb80d279

SHA1
cbf24a57b592c4aad91780ba7cd92dd67a64cd24

SHA256
7f83d501239d9ae9ed612cef5f77459a3ec231da90a1a114baa1719c4378636d

SHA512
285b6f2a0018b550e920f10c91c09f003b10aa37294bdf11a0cd73d6d24b2bb72103f8d5334fb50b7d3fa1041a53a66b26140c62654b4894fb9a3de16a141be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
12ddee01784d42f9e08cb01fbe598bad

SHA1
1b0ff0808ba373c3ce1546e50ea440d964460fba

SHA256
5d6a54a26379384be3601d11485bfa49ddc4a433fcecc5aee13499f8c7fe1228

SHA512
16b32f41c0c5e84d7dbeb1531d836ba05bf7f289b94834ce9bf0643c007d12417bbc754d1ec75e8cf36f207d387be400690ba2fe55c9135ae5978f70953bcf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
95c1e1e4122ff5b1a1d161826e889798

SHA1
08a95f179bc72b08d24712b8ce6b44f8f5666a2a

SHA256
1d00e18a97b31ed51f83a590740f3cc082632124a7950aa9393c6a6c11d781ef

SHA512
c675bae3e3fdbe6861351c7de7aa866922746c3e19a291b3e16544524eff9f906cb7ae563f2fc0e20065d0984c4a86125a098abcb08426f725e8c9b76e7353ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8ff59034b74ef0b2121655d8540e70d8

SHA1
db682088e2761aa8e58fa80b88fa1424428396c2

SHA256
44bf3d7b711e47cf9c1d6965bd361cd9dede5c0d6bf7c21827864dce6d1138eb

SHA512
1dcb4537504bdfe5a87bbca86e0e47be7e69ca2cb4fcb62d755baf46e006dff6af97ef9dc0e88f56b24f63cd139959c806205b11e7f47ab05db80736ed4efa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
12ddee01784d42f9e08cb01fbe598bad

SHA1
1b0ff0808ba373c3ce1546e50ea440d964460fba

SHA256
5d6a54a26379384be3601d11485bfa49ddc4a433fcecc5aee13499f8c7fe1228

SHA512
16b32f41c0c5e84d7dbeb1531d836ba05bf7f289b94834ce9bf0643c007d12417bbc754d1ec75e8cf36f207d387be400690ba2fe55c9135ae5978f70953bcf26

Download Submit
C:\Users\Admin\AppData\Local\Temp\AF50.tmp

Filesize
14KB

MD5
4c4eb3ad01b11f9c8166ee2c9d29a23b

SHA1
b6f14c13390330987e8aee39fc90429e63da7e0c

SHA256
f868364345b9aec4354372951e088e02d77c64ce4adbf2ecfc283ca1cb7db06a

SHA512
e93aa24d81e67b905de64c5a72469168a9fedc9daf68bfe30b59b6b2e4efdc5375feaf386e82a54742adf50086565784403a7e4a4de18618ed5f2dbe561eab9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AF50.tmp

Filesize
14KB

MD5
4c4eb3ad01b11f9c8166ee2c9d29a23b

SHA1
b6f14c13390330987e8aee39fc90429e63da7e0c

SHA256
f868364345b9aec4354372951e088e02d77c64ce4adbf2ecfc283ca1cb7db06a

SHA512
e93aa24d81e67b905de64c5a72469168a9fedc9daf68bfe30b59b6b2e4efdc5375feaf386e82a54742adf50086565784403a7e4a4de18618ed5f2dbe561eab9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ok.txt

Filesize
27B

MD5
d79c6e3a98f838e2185ee3ac8ad80c58

SHA1
f333bac745a02d92f70974fe6edf9d47c5515e1a

SHA256
f673d8dee2cab664550a1f17cd6e97ecd41bac33f43068e413540570d954e4d3

SHA512
b8612a48081ba19bcc012f5017ff3f965eb4b98a64139f121bf6860eb874a48d6044d1ff04e2aa4dcb02c416d0e0ffabba23fdc754bbf7ea65e9af6255caf7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpfile0.bat

Filesize
844B

MD5
aff7f927644576bf0801478f400902bd

SHA1
5f7b3e08ffecde0ad0977321c6c5b0d6926b1164

SHA256
f2a26da1f756c17c5cd3df70966a0ee1ce6b5b54d6584be92837eb7babb547ca

SHA512
4ab489834903f9bb4caee60ae097a77a7acbf2ac93eb1272e51eb3e2866ee1d290209a9d9d73c9ea0af0de51700c0496585c02c00b49538355e569c15d23a872

Download Submit
memory/216-159-0x0000000000000000-mapping.dmp

Download
memory/636-258-0x0000000000000000-mapping.dmp

Download
memory/636-180-0x0000000000000000-mapping.dmp

Download
memory/740-153-0x0000000000000000-mapping.dmp

Download
memory/1156-232-0x0000000000000000-mapping.dmp

Download
memory/1276-186-0x0000000000000000-mapping.dmp

Download
memory/1292-189-0x0000000000000000-mapping.dmp

Download
memory/1320-148-0x0000000000000000-mapping.dmp

Download
memory/1456-187-0x0000000000000000-mapping.dmp

Download
memory/1484-246-0x0000000000000000-mapping.dmp

Download
memory/1696-145-0x0000000000000000-mapping.dmp

Download
memory/1876-157-0x0000000000000000-mapping.dmp

Download
memory/1900-183-0x0000000000000000-mapping.dmp

Download
memory/2208-144-0x0000000000000000-mapping.dmp

Download
memory/2252-133-0x0000000000000000-mapping.dmp

Download
memory/2252-136-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2288-264-0x0000000000000000-mapping.dmp

Download
memory/2308-188-0x0000000000000000-mapping.dmp

Download
memory/2716-181-0x0000000000000000-mapping.dmp

Download
memory/3344-141-0x0000000000000000-mapping.dmp

Download
memory/3384-265-0x0000000000000000-mapping.dmp

Download
memory/3400-223-0x0000000000000000-mapping.dmp

Download
memory/3488-252-0x0000000000000000-mapping.dmp

Download
memory/3520-151-0x0000000000000000-mapping.dmp

Download
memory/3540-254-0x0000000000000000-mapping.dmp

Download
memory/3892-184-0x0000000000000000-mapping.dmp

Download
memory/3944-142-0x0000000000000000-mapping.dmp

Download
memory/3976-192-0x0000000000000000-mapping.dmp

Download
memory/4144-166-0x0000000000000000-mapping.dmp

Download
memory/4216-190-0x0000000000000000-mapping.dmp

Download
memory/4316-256-0x0000000000000000-mapping.dmp

Download
memory/4336-147-0x0000000000000000-mapping.dmp

Download
memory/4600-185-0x0000000000000000-mapping.dmp

Download
memory/4604-140-0x0000000000000000-mapping.dmp

Download
memory/4632-197-0x0000000000000000-mapping.dmp

Download
memory/4632-248-0x0000000000000000-mapping.dmp

Download
memory/4640-149-0x0000000000000000-mapping.dmp

Download
memory/4688-143-0x0000000000000000-mapping.dmp

Download
memory/4768-132-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4768-137-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4788-200-0x0000000000000000-mapping.dmp

Download
memory/4796-156-0x0000000000000000-mapping.dmp

Download
memory/4944-262-0x0000000000000000-mapping.dmp

Download
memory/5060-138-0x0000000000000000-mapping.dmp

Download
memory/5064-154-0x0000000000000000-mapping.dmp

Download
memory/5236-229-0x0000000000000000-mapping.dmp

Download
memory/5352-240-0x0000000000000000-mapping.dmp

Download
memory/5384-234-0x0000000000000000-mapping.dmp

Download
memory/5388-236-0x0000000000000000-mapping.dmp

Download
memory/5500-238-0x0000000000000000-mapping.dmp

Download
memory/5560-260-0x0000000000000000-mapping.dmp

Download
memory/5824-227-0x0000000000000000-mapping.dmp

Download
memory/5956-250-0x0000000000000000-mapping.dmp

Download
memory/6080-242-0x0000000000000000-mapping.dmp

Download
memory/6116-244-0x0000000000000000-mapping.dmp

Download