Malware Analysis Report

2024-11-13 18:33

Sample ID 231016-ddrkhsdd72
Target https://filebin.ca/7djc5uU10NKk
Tags
strrat stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://filebin.ca/7djc5uU10NKk was found to be: Known bad.

Malicious Activity Summary

strrat stealer trojan

STRRAT

Drops file in Program Files directory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Modifies registry class

Opens file in notepad (likely ransom note)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-16 02:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-16 02:53

Reported

2023-10-16 02:57

Platform

win10v2004-20230915-en

Max time kernel

185s

Max time network

207s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filebin.ca/7djc5uU10NKk

Signatures

STRRAT

trojan stealer strrat

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A
File opened for modification C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2852 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 3884 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 4592 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2852 wrote to memory of 956 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filebin.ca/7djc5uU10NKk

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d72046f8,0x7ff9d7204708,0x7ff9d7204718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar"

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hs_err_pid920.log

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hs_err_pid920.log

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,4496258396966407161,715370631312822058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5564 /prefetch:2

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\hs_err_pid2844.log

Network

Country Destination Domain Proto
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 filebin.ca udp
US 172.67.170.98:443 filebin.ca tcp
US 172.67.170.98:443 filebin.ca tcp
US 8.8.8.8:53 240.81.21.72.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 108.211.229.192.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 88.221.25.169:80 apps.identrust.com tcp
US 8.8.8.8:53 challenges.cloudflare.com udp
US 8.8.8.8:53 98.170.67.172.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 169.25.221.88.in-addr.arpa udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 104.17.3.184:443 challenges.cloudflare.com tcp
US 8.8.8.8:53 184.3.17.104.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 8.3.197.209.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 repo1.maven.org udp
US 8.8.8.8:53 github.com udp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.113.3:443 github.com tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 8.8.8.8:53 209.192.232.199.in-addr.arpa udp
US 8.8.8.8:53 3.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 1.208.79.178.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 repo1.maven.org udp
US 199.232.192.209:443 repo1.maven.org tcp
US 199.232.192.209:443 repo1.maven.org tcp
US 8.8.8.8:53 github.com udp
US 199.232.192.209:443 repo1.maven.org tcp
US 140.82.113.4:443 github.com tcp
US 8.8.8.8:53 4.113.82.140.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bf009481892dd0d1c49db97428428ede
SHA1 aee4e7e213f6332c1629a701b42335eb1a035c66
SHA256 18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4
SHA512 d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

\??\pipe\LOCAL\crashpad_2852_WKIBGCKPYEFORCMY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4af1aae49264d56df02b3ba7a6c0015
SHA1 1e061a1fe65b66a40d25aacac98129a331214074
SHA256 bb13d37325fec1bf489dde8b4aa894e33ed73e4999da7d102ddf2523e0b9ce53
SHA512 1d182b98f660f48bdfb5457f673ebbcfefc84d7ae3adf6d5a4ef2c94f068de71a1955b80ec130d997828cb591b05f70383b4d006dd46791308bf5e147199e858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6a790f499536f7aaf5a93e67d2b26d1a
SHA1 6ea0c0208d00f4d8132e6463c9b32580fab4e635
SHA256 1a2be257082852e5567946856273649960278465e0d19268f62c450d9924c019
SHA512 d0e43909b12d6322583a99994c14c28dce8efde1c843b34edb42300f7c5a7d2e5c93fe6255e8e300f4f34532a83a2cafd6fe0c1feab02b2a959e31924804a123

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f6e62b0c-d391-49da-a4c7-afdbec79a91c.tmp

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5d8ac9b61bc4512960cc7e63d5f36280
SHA1 10a299f8b9b41be2123ed86e59fa9c397b6b9005
SHA256 fe5ea4c263777cbe30f5993c87b5a0fa81e1eeac4344b20e1d4d92e6b36ee32c
SHA512 e1510fed7c5b88281f4095e5ea07762b3b52991c0e42ad58d9667dae29d94ce51a64a1a085f06a00e1c5833a5e31f5584214c7249059c554747545d38cf12177

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 25ac77f8c7c7b76b93c8346e41b89a95
SHA1 5a8f769162bab0a75b1014fb8b94f9bb1fb7970a
SHA256 8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b
SHA512 df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 868dac041f63829c2499ac332e5ca8f2
SHA1 4432871bd1552c8c2faea1a1bf2ff8590cb7f912
SHA256 73189abd232894ccee75a4422903d6223f81e754e491783df062622f797e1a46
SHA512 38120e904f5a8e962df59e68425be79e02deb4079cc2c8e3a4231599c62986fc0f00bdbdc96dd07d8bef0a4bf0b75bb0708389569fa37b1a8e4c9b32bcdff26b

C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar

MD5 2867995420fa528e036e135bbe9ca3b5
SHA1 3ce3a3f5f980739d970db7bff5efa564fc93571f
SHA256 2f1ae19f5a471ed865f9045872b8c7e22c31287562fad799fab090b6adced0bf
SHA512 c20eb06c2fef55448b0c1bf9391556a4bd16e6e101ac0657ac31e11f1d52d3233d98e36576d314c2fe8c68b7f4fd1ead5589f8f61552f2fc8c30c0f5ee9bdcef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9594789c568eddb5069d7f3e2b3897fe
SHA1 6e26c2d6dc4e88aa34b011dfe2244bcc00d84888
SHA256 c041e2eb7095086c97d79b7283f27ffdeaa604c0dd27e48b89317152dbc48238
SHA512 98f92dff8cb7b5484c68de262b92b0f9f138b99f858f5708740108a9cd7d106d2a933aded6b40cd05641a929dfdfcb338ef36a21fa64d651e6d60adc6ec4eae3

C:\Users\Admin\Downloads\SHIPPINGDOCS775674.PDF.jar

MD5 2867995420fa528e036e135bbe9ca3b5
SHA1 3ce3a3f5f980739d970db7bff5efa564fc93571f
SHA256 2f1ae19f5a471ed865f9045872b8c7e22c31287562fad799fab090b6adced0bf
SHA512 c20eb06c2fef55448b0c1bf9391556a4bd16e6e101ac0657ac31e11f1d52d3233d98e36576d314c2fe8c68b7f4fd1ead5589f8f61552f2fc8c30c0f5ee9bdcef

memory/920-126-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/920-137-0x00000000007E0000-0x00000000007E1000-memory.dmp

memory/920-145-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/920-147-0x00000000007E0000-0x00000000007E1000-memory.dmp

memory/920-164-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/920-180-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/920-183-0x00000000029A0000-0x00000000029B0000-memory.dmp

memory/920-182-0x0000000002940000-0x0000000002950000-memory.dmp

memory/920-184-0x00000000029E0000-0x00000000029F0000-memory.dmp

memory/920-186-0x0000000002980000-0x0000000002990000-memory.dmp

memory/920-187-0x0000000002990000-0x00000000029A0000-memory.dmp

memory/920-188-0x00000000029B0000-0x00000000029C0000-memory.dmp

memory/920-189-0x00000000029C0000-0x00000000029D0000-memory.dmp

memory/920-190-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/920-191-0x00000000029D0000-0x00000000029E0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ef3a98cbed09a79e067c1c6e0918f9c
SHA1 bbd370143695c09c17f108c8673f0127c757b81b
SHA256 291808f9cb3ffaffae39a7b4b78353227a3c49cca987963d239193ef099b94c0
SHA512 4e43dc367cb8faced1f983af9b52847023bf065dbf9c8322d54f54b32948c41caf8497e8d46adbe54d5beb4257e89e39caa31894b03afe1e8ce6b266aa7c296c

memory/920-226-0x00000000026C0000-0x00000000036C0000-memory.dmp

memory/2844-232-0x0000000002C20000-0x0000000003C20000-memory.dmp

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

MD5 12a3d2b572b7ed1ee9bac7ff79e58d1f
SHA1 c6361fd7246d8c2b3411da9c16f3551772afa4f4
SHA256 025d8a71ff56d62a2686153299097147e53da62b043869b4f05ef5f5bc4dfa97
SHA512 e8640f6c32d5dd4986aef6e894be566f5c5a043acaa042e4b48a11eb0e70be30c8e51210988c74128ada353d90989b4e9be4411249c023a98dfcc770700a373b

memory/2844-239-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/2844-241-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/2844-248-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/2844-251-0x0000000002C20000-0x0000000003C20000-memory.dmp

memory/2844-249-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

memory/2844-259-0x0000000002C20000-0x0000000003C20000-memory.dmp

memory/2844-260-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3027552071-446050021-1254071215-1000\83aa4cc77f591dfc2374580bbd95f6ba_87d750a5-3031-4fa3-b099-3164d7f4f528

MD5 c8366ae350e7019aefc9d1e6e6a498c6
SHA1 5731d8a3e6568a5f2dfbbc87e3db9637df280b61
SHA256 11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238
SHA512 33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

memory/2844-267-0x0000000002EA0000-0x0000000002EB0000-memory.dmp

C:\Users\Admin\Downloads\hs_err_pid920.log

MD5 0ce3ea12c8cb10b5d0b66b1065c3bf2e
SHA1 3b90e0454c1c011b7be332ad1f5e58efce569182
SHA256 434bece03cfabb66fd36407988cdb51e68050772a1bb4ede8c773201b4c61cab
SHA512 6ac1247cb90fd08cd73998f3222bdd9da6953e13c01722d0d7b6727f1ccca544881df358cff5d7344016a22494c0e03a46240d5aaac01da440b02e56fa6601fd

memory/2844-269-0x0000000002EC0000-0x0000000002ED0000-memory.dmp

memory/2844-270-0x0000000002ED0000-0x0000000002EE0000-memory.dmp

memory/2844-271-0x0000000002EF0000-0x0000000002F00000-memory.dmp

memory/2844-272-0x0000000002C20000-0x0000000003C20000-memory.dmp

memory/2844-275-0x0000000002C20000-0x0000000003C20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 52a2cb8471f055178b8844eb299c19b5
SHA1 e3e404f43f9c04c116093aa2ce9b75ce0b222af4
SHA256 368fd6ed58a78726709ee0f39423434ec4d4986a03f2b6b0ea1ff215fb5eae66
SHA512 b853160b98de2837a660aabdbe746243ce8124500327fc5dc16f5f77c8eef00fc98476266ae4f36e258e2008fdd8293e04b591c5ee7b814bf33970f72d73fead

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

MD5 c65e1f65dde7d73de8ffc3617027604f
SHA1 cf53966e092bb3051f68b503d48e867b9cc07180
SHA256 42719a4e5faf4a4a060521a8b691fb5a5ec64b2cb60fee0360369a6f22703a74
SHA512 7b64a1da2fb8bbe33298e0971f7494bdefcf8bcaae8d9f0a73de66aa02ed42174047d50c39182cd93a31415cbf2271f47563ea52caeafbdbb62a0c15e1301604

memory/4536-307-0x0000000003100000-0x0000000004100000-memory.dmp

C:\Users\Admin\Downloads\hs_err_pid2844.log

MD5 d7c0ab47e1dc98460868cecccef00fea
SHA1 17e83779f53ff98b258610f5d703efc67ede7ea6
SHA256 18b54de8dbf7700a09ecaad5e5ac7ca1abf4f7bb58c6d08f73db72e0ce91671f
SHA512 8dda253ae59d72adafa684fb060c17eecbd04d2b6a0f926d8d43b18d25c1d27e09443b60d0a402dfd7f8e40afdaa4606d0a927e5ff1a1917bb059b916ec1fb53

memory/4536-309-0x00000000013A0000-0x00000000013A1000-memory.dmp

memory/4536-310-0x00000000013A0000-0x00000000013A1000-memory.dmp

memory/4536-320-0x0000000003100000-0x0000000004100000-memory.dmp

memory/4536-324-0x0000000003100000-0x0000000004100000-memory.dmp

memory/4536-323-0x00000000013A0000-0x00000000013A1000-memory.dmp

memory/4536-325-0x0000000003100000-0x0000000004100000-memory.dmp

memory/4536-332-0x0000000003100000-0x0000000004100000-memory.dmp

memory/4536-339-0x00000000013A0000-0x00000000013A1000-memory.dmp