Analysis

  • max time kernel
    199s
  • max time network
    202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-11-2023 02:21

General

  • Target

    8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe

  • Size

    917KB

  • MD5

    cb6f1515180d582f7c521a7af859510d

  • SHA1

    3fb69cdb05e6559842a69bf977fe977537fcdc32

  • SHA256

    8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b

  • SHA512

    fb2caccef2c5d424ebbe8f42b8763de3ac3798c1b45d57a4c9cf9e120ad5490cb894c06648acafb44bc7d3144f5cf8e40cc66482c0b7f109dac83ae269cb56de

  • SSDEEP

    24576:fyvVKCoS54aeuIsSC/GzLYDZTLQ0d2rQb2pOdTB1q:qNKCZhetLEG4BLlbdN1

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Signatures

  • Detect Mystic stealer payload 4 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe
    "C:\Users\Admin\AppData\Local\Temp\8c6cf8cb2f04e577c2982c0a0690d340e689ebaf14b7f4a269a80dfb95986d3b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:5032
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2184
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2056
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:3372
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
            5⤵
              PID:4876
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,14413856281131104226,224962346440790426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
              5⤵
                PID:5512
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,14413856281131104226,224962346440790426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
                5⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:6304
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
              4⤵
              • Suspicious use of WriteProcessMemory
              PID:1516
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                5⤵
                  PID:2692
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,3328960251432911309,17226370569059211946,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
                  5⤵
                    PID:6080
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,3328960251432911309,17226370569059211946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
                    5⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4152
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                  4⤵
                  • Suspicious use of WriteProcessMemory
                  PID:1232
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                    5⤵
                      PID:4604
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,18018481781736533034,5458002315968924817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
                      5⤵
                        PID:5840
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,18018481781736533034,5458002315968924817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
                        5⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:6264
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
                      4⤵
                      • Suspicious use of WriteProcessMemory
                      PID:4260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                        5⤵
                          PID:664
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8885517875737529602,4570816504638589251,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
                          5⤵
                            PID:2084
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8885517875737529602,4570816504638589251,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:3
                            5⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:6244
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                          4⤵
                          • Suspicious use of WriteProcessMemory
                          PID:4024
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                            5⤵
                              PID:3148
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,13104756846072646627,6522750811149198073,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
                              5⤵
                                PID:5780
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,13104756846072646627,6522750811149198073,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
                                5⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:6272
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
                              4⤵
                              • Suspicious use of WriteProcessMemory
                              PID:1412
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                                5⤵
                                  PID:3464
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8189772015992859287,16618023103039153671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
                                  5⤵
                                    PID:5576
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8189772015992859287,16618023103039153671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
                                    5⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:6296
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                  4⤵
                                  • Suspicious use of WriteProcessMemory
                                  PID:4092
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                                    5⤵
                                      PID:4868
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9582348606883125775,7644132924658526709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
                                      5⤵
                                        PID:5568
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9582348606883125775,7644132924658526709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                                        5⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:6288
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                      4⤵
                                      • Suspicious use of WriteProcessMemory
                                      PID:4892
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                                        5⤵
                                          PID:4656
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,1309110048429547625,9383463848562010292,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
                                          5⤵
                                            PID:5740
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,1309110048429547625,9383463848562010292,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
                                            5⤵
                                            • Suspicious behavior: EnumeratesProcesses
                                            PID:6280
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                          4⤵
                                          • Suspicious use of FindShellTrayWindow
                                          • Suspicious use of SendNotifyMessage
                                          • Suspicious use of WriteProcessMemory
                                          PID:3836
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                                            5⤵
                                              PID:1560
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
                                              5⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2704
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
                                              5⤵
                                                PID:5960
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,17854648917854004303,1676894217722503669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
                                                5⤵
                                                  PID:6912
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                4⤵
                                                • Suspicious use of WriteProcessMemory
                                                PID:3828
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x13c,0x170,0x7ffac46346f8,0x7ffac4634708,0x7ffac4634718
                                                  5⤵
                                                    PID:2748
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,13218261192906753097,10451771638398150661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
                                                    5⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5956
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,13218261192906753097,10451771638398150661,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
                                                    5⤵
                                                      PID:5844
                                                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe
                                                  C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetThreadContext
                                                  • Suspicious use of WriteProcessMemory
                                                  PID:4788
                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                    4⤵
                                                      PID:5484
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 540
                                                        5⤵
                                                        • Program crash
                                                        PID:4192
                                                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe
                                                  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetThreadContext
                                                  PID:7020
                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                                                    3⤵
                                                      PID:4360
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5484 -ip 5484
                                                  1⤵
                                                    PID:7056

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4c3f3d4a-41d1-4d5e-bb55-7363985cdb86.tmp

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    d0a6a966d9ee932e984eb5b6c9ad8286

                                                    SHA1

                                                    002907aefa3c193d7ec7d4c7867f5e4599d28316

                                                    SHA256

                                                    50c9e64b2f9812dcdafa4c12c731d372e0bdcf93ce1585ed7c9e296ef946bf39

                                                    SHA512

                                                    bd5660bda8ffe473c1e975c6005cda7b68cc841e9d71705574882cfcc0979bc6ffbfc34806b4a279c6096a4df9616ea7d52752f53aceb1c79e570b3cf151cefe

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6849ee8f-af76-4076-9e77-47f1573fee51.tmp

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    b23be92a9cac27f3ab3e451c70be20f4

                                                    SHA1

                                                    351623845a8323d0280694583a88fef689684045

                                                    SHA256

                                                    096988f9cc20e2d991dce4fc1aa7d8c12d651ec56ceb5ba0f64a7e245ece9863

                                                    SHA512

                                                    84e2d09aa6948cde94c298262b0f2b77d19a2c25e59c4653f1313d64676c844d734e59f0081cb04e68ec9c334be8a1634a2de77b20dd01585fe5dfbd79ea88be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\75d6a0eb-1eec-4ff3-8bff-e9ab3c72b6eb.tmp

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    5f0129e26e1c24702f863eede1fa096b

                                                    SHA1

                                                    e3d491c8ff4816e91873caeb0c49585f931d8d91

                                                    SHA256

                                                    767890caca6e16c7ad24fabcba4da994d5dc1b82627ed50c8f53eae5b477566c

                                                    SHA512

                                                    080d58ed13b57c3ad5e6b0656973e2f47fb7eb4e5a99bf993263da68bf0e4e6df1f9123c4463d4b8c1585c7f5b66e90c79a0c2617a072fcfe045ba5f9a4dd934

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    ed1059501887ca58bf7183147bc7e9bd

                                                    SHA1

                                                    2f3fae395180943a637a4ae1d3a4b374b5a13a42

                                                    SHA256

                                                    1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89

                                                    SHA512

                                                    d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                    Filesize

                                                    152B

                                                    MD5

                                                    8f30b8232b170bdbc7d9c741c82c4a73

                                                    SHA1

                                                    9abfca17624e13728bd7fa6547e7e26e0695d411

                                                    SHA256

                                                    0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb

                                                    SHA512

                                                    587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                    Filesize

                                                    11B

                                                    MD5

                                                    838a7b32aefb618130392bc7d006aa2e

                                                    SHA1

                                                    5159e0f18c9e68f0e75e2239875aa994847b8290

                                                    SHA256

                                                    ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                    SHA512

                                                    9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                    Filesize

                                                    2KB

                                                    MD5

                                                    397dfff9c98afc8d3bdb336355076564

                                                    SHA1

                                                    cd2cecd2f50f9ea01821a49ac87b397a236aca70

                                                    SHA256

                                                    35b3b63072f8948d16db7fac676dfe90022268bf9e064894a0da11ff21e6124d

                                                    SHA512

                                                    cd0683b9d4fc2798917fa1cceaf612619b82e0862f26382f85cd244b16f68c6f213eb36342c46a334df17054d1de6017f2c9685ae0768c8748bceccc5ac4a8eb

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe

                                                    Filesize

                                                    349KB

                                                    MD5

                                                    dcca66c9de49d1b378eeaca6cd7f64f7

                                                    SHA1

                                                    268864a238705ec1bba90ef7380880818ab4bb73

                                                    SHA256

                                                    8f57ce9a4b5177f85ef2ea923dd92f519b5260b7a9f012c275e42ca5d42de5ae

                                                    SHA512

                                                    674caa90eb43f8f8843ce976a250a22ccc14b628854edb674cd28ec9cfd4a95760fcbbdb2e11bb41e21169fda49ab78398f8bab03bf1a67a2a1f615426048f17

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3lm94fi.exe

                                                    Filesize

                                                    349KB

                                                    MD5

                                                    dcca66c9de49d1b378eeaca6cd7f64f7

                                                    SHA1

                                                    268864a238705ec1bba90ef7380880818ab4bb73

                                                    SHA256

                                                    8f57ce9a4b5177f85ef2ea923dd92f519b5260b7a9f012c275e42ca5d42de5ae

                                                    SHA512

                                                    674caa90eb43f8f8843ce976a250a22ccc14b628854edb674cd28ec9cfd4a95760fcbbdb2e11bb41e21169fda49ab78398f8bab03bf1a67a2a1f615426048f17

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe

                                                    Filesize

                                                    674KB

                                                    MD5

                                                    ebd283624322ff81ec7fe3c2e6e0ba39

                                                    SHA1

                                                    0dc2b9bc52aafb942221408377e075feaaceabc3

                                                    SHA256

                                                    ea909b6754d5985029c59ab76157da77d0e1e8c7ca1663c26af8cc714df784c6

                                                    SHA512

                                                    fed1e6e7273ffb15010f2a3c80252298ce4c65f582090e5c59688005d7958deb592040fa62c33e6991d17e8e4e51f6399cb5b3a777cdc7ea136d9710753a921c

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\St3FX01.exe

                                                    Filesize

                                                    674KB

                                                    MD5

                                                    ebd283624322ff81ec7fe3c2e6e0ba39

                                                    SHA1

                                                    0dc2b9bc52aafb942221408377e075feaaceabc3

                                                    SHA256

                                                    ea909b6754d5985029c59ab76157da77d0e1e8c7ca1663c26af8cc714df784c6

                                                    SHA512

                                                    fed1e6e7273ffb15010f2a3c80252298ce4c65f582090e5c59688005d7958deb592040fa62c33e6991d17e8e4e51f6399cb5b3a777cdc7ea136d9710753a921c

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe

                                                    Filesize

                                                    895KB

                                                    MD5

                                                    7af3481fcaf913f1c7ca5be953777692

                                                    SHA1

                                                    7190fb8a7cc0a2fb557a61862527a0c6ef73601a

                                                    SHA256

                                                    8a76159e3f32a9ace8637bb1afe6cc286dd0480a6e8c483086c6400ac78b61ca

                                                    SHA512

                                                    5f570bb5f97e7bf857948082c58fc2a94fca7449483d90270f9df2b7bba1e6c121991bf124b6141f92b0e057e948b0803eae1fea86acb86ce165077aa4c4a56f

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1hz94Ty9.exe

                                                    Filesize

                                                    895KB

                                                    MD5

                                                    7af3481fcaf913f1c7ca5be953777692

                                                    SHA1

                                                    7190fb8a7cc0a2fb557a61862527a0c6ef73601a

                                                    SHA256

                                                    8a76159e3f32a9ace8637bb1afe6cc286dd0480a6e8c483086c6400ac78b61ca

                                                    SHA512

                                                    5f570bb5f97e7bf857948082c58fc2a94fca7449483d90270f9df2b7bba1e6c121991bf124b6141f92b0e057e948b0803eae1fea86acb86ce165077aa4c4a56f

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe

                                                    Filesize

                                                    310KB

                                                    MD5

                                                    add9c2ed18040005fc24ba1df3a65d50

                                                    SHA1

                                                    5bfc7bace88d3cb5fc38a8fbac602b502f4fb5c1

                                                    SHA256

                                                    b233c6c843df05010bbf39b2f1324bbece3156f501cb41eb8cec218cb3d37570

                                                    SHA512

                                                    377c7363a47795284c0e7ca9db0bba805fdbb02f847d61d66aa4269baee9d69031ad50c450fb46d9b8d4a79acb613ee271bf22f9c204d2d20cf3bc35163f730b

                                                  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2JK8173.exe

                                                    Filesize

                                                    310KB

                                                    MD5

                                                    add9c2ed18040005fc24ba1df3a65d50

                                                    SHA1

                                                    5bfc7bace88d3cb5fc38a8fbac602b502f4fb5c1

                                                    SHA256

                                                    b233c6c843df05010bbf39b2f1324bbece3156f501cb41eb8cec218cb3d37570

                                                    SHA512

                                                    377c7363a47795284c0e7ca9db0bba805fdbb02f847d61d66aa4269baee9d69031ad50c450fb46d9b8d4a79acb613ee271bf22f9c204d2d20cf3bc35163f730b

                                                  • memory/4360-176-0x0000000000400000-0x000000000043C000-memory.dmp

                                                    Filesize

                                                    240KB

                                                  • memory/5484-132-0x0000000000400000-0x0000000000433000-memory.dmp

                                                    Filesize

                                                    204KB

                                                  • memory/5484-126-0x0000000000400000-0x0000000000433000-memory.dmp

                                                    Filesize

                                                    204KB

                                                  • memory/5484-129-0x0000000000400000-0x0000000000433000-memory.dmp

                                                    Filesize

                                                    204KB

                                                  • memory/5484-122-0x0000000000400000-0x0000000000433000-memory.dmp

                                                    Filesize

                                                    204KB