glupteba | 3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9

Analysis

max time kernel
61s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe
Size

1.4MB
MD5

2d49e71b3b08270ab426597a32e9c004
SHA1

d0c77f42b3fc1c4160100a3632db4f87f660e8af
SHA256

3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9
SHA512

0850d7d898c2dc3b69e4990ec30be64ae85f1c1fe655e420371862135fa44f2c2559033fffc116501a9f84c303b508f60a6873d110609fb33b48444a82cc95cc
SSDEEP

24576:PyQ9Ifg/OMHQ8ZZjBbUGC+3je2IsJ5NGuxCDocoGF1LITFubyjVlHi8DvwzCRhjm:aQCG3bjVzzel4XGNvoALbejHHiWcwjU

Score

10^/10

glupteba mystic redline smokeloader zgrat taiga up3 backdoor dropper evasion infostealer loader persistence rat spyware stealer themida trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Extracted

Family

smokeloader

Botnet

up3

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/7388-382-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7388-384-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7388-383-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/7388-386-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 29 IoCs

resource	yara_rule
behavioral1/memory/1332-714-0x0000021B7BD80000-0x0000021B7BE64000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-726-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-727-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-742-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-761-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-757-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-750-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-733-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-765-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-769-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-771-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-773-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-775-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-777-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-779-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-781-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-783-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-785-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-787-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-789-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-791-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-793-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-795-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-797-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-799-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-803-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/1332-805-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp	family_zgrat_v1
behavioral1/memory/6352-827-0x0000000002A00000-0x0000000002DFC000-memory.dmp	family_zgrat_v1
behavioral1/memory/5580-922-0x0000000006A00000-0x0000000006B00000-memory.dmp	family_zgrat_v1

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 2 IoCs

resource	yara_rule
behavioral1/memory/6352-830-0x0000000002E00000-0x00000000036EB000-memory.dmp	family_glupteba
behavioral1/memory/6352-877-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/5204-605-0x0000000000400000-0x000000000046F000-memory.dmp	family_redline
behavioral1/memory/5204-606-0x0000000000580000-0x00000000005DA000-memory.dmp	family_redline
behavioral1/memory/4436-663-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file
Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 11 IoCs

pid	Process
2088	yX5rM37.exe
4636	Lv6Iu60.exe
732	pt4zE93.exe
1220	1pB00Qs1.exe
3296	2nw7616.exe
8180	7ir79Cd.exe
1548	8Jf669Hs.exe
5204	63C6.exe
2940	8C5E.exe
7484	9Eh1Pg8.exe
8100	9095.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000022f0a-1283.dat	themida

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000022ee4-1099.dat	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	Lv6Iu60.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	pt4zE93.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	yX5rM37.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022e26-26.dat	autoit_exe
behavioral1/files/0x0007000000022e26-27.dat	autoit_exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3296 set thread context of 7388	3296	2nw7616.exe	151
PID 1548 set thread context of 4436	1548	8Jf669Hs.exe	178

Launches sc.exe 5 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5628	sc.exe
7192	sc.exe
8092	sc.exe
5340	sc.exe
2132	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2928	7388	WerFault.exe	151

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ir79Cd.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ir79Cd.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ir79Cd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
6072	msedge.exe
6072	msedge.exe
684	msedge.exe
684	msedge.exe
4496	msedge.exe
4496	msedge.exe
5180	msedge.exe
5180	msedge.exe
784	msedge.exe
784	msedge.exe
6088	msedge.exe
6088	msedge.exe
5632	msedge.exe
5632	msedge.exe
5876	msedge.exe
5876	msedge.exe
7420	msedge.exe
7420	msedge.exe
7428	msedge.exe
7428	msedge.exe
8180	7ir79Cd.exe
8180	7ir79Cd.exe
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found
3476	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
8180	7ir79Cd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of AdjustPrivilegeToken 29 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeDebugPrivilege	5204	63C6.exe
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found
Token: SeShutdownPrivilege	3476	Process not Found
Token: SeCreatePagefilePrivilege	3476	Process not Found

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
1220	1pB00Qs1.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2088	2060	3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe	89
PID 2060 wrote to memory of 2088	2060	3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe	89
PID 2060 wrote to memory of 2088	2060	3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe	89
PID 2088 wrote to memory of 4636	2088	yX5rM37.exe	90
PID 2088 wrote to memory of 4636	2088	yX5rM37.exe	90
PID 2088 wrote to memory of 4636	2088	yX5rM37.exe	90
PID 4636 wrote to memory of 732	4636	Lv6Iu60.exe	91
PID 4636 wrote to memory of 732	4636	Lv6Iu60.exe	91
PID 4636 wrote to memory of 732	4636	Lv6Iu60.exe	91
PID 732 wrote to memory of 1220	732	pt4zE93.exe	92
PID 732 wrote to memory of 1220	732	pt4zE93.exe	92
PID 732 wrote to memory of 1220	732	pt4zE93.exe	92
PID 1220 wrote to memory of 3044	1220	1pB00Qs1.exe	93
PID 1220 wrote to memory of 3044	1220	1pB00Qs1.exe	93
PID 1220 wrote to memory of 3704	1220	1pB00Qs1.exe	95
PID 1220 wrote to memory of 3704	1220	1pB00Qs1.exe	95
PID 1220 wrote to memory of 1824	1220	1pB00Qs1.exe	96
PID 1220 wrote to memory of 1824	1220	1pB00Qs1.exe	96
PID 1220 wrote to memory of 4304	1220	1pB00Qs1.exe	97
PID 1220 wrote to memory of 4304	1220	1pB00Qs1.exe	97
PID 1220 wrote to memory of 784	1220	1pB00Qs1.exe	98
PID 1220 wrote to memory of 784	1220	1pB00Qs1.exe	98
PID 1220 wrote to memory of 3304	1220	1pB00Qs1.exe	99
PID 1220 wrote to memory of 3304	1220	1pB00Qs1.exe	99
PID 1220 wrote to memory of 1564	1220	1pB00Qs1.exe	100
PID 1220 wrote to memory of 1564	1220	1pB00Qs1.exe	100
PID 1220 wrote to memory of 756	1220	1pB00Qs1.exe	101
PID 1220 wrote to memory of 756	1220	1pB00Qs1.exe	101
PID 4304 wrote to memory of 1620	4304	msedge.exe	102
PID 4304 wrote to memory of 1620	4304	msedge.exe	102
PID 1220 wrote to memory of 2064	1220	1pB00Qs1.exe	111
PID 1220 wrote to memory of 2064	1220	1pB00Qs1.exe	111
PID 1824 wrote to memory of 1420	1824	msedge.exe	110
PID 1824 wrote to memory of 1420	1824	msedge.exe	110
PID 3704 wrote to memory of 3292	3704	msedge.exe	109
PID 3704 wrote to memory of 3292	3704	msedge.exe	109
PID 3304 wrote to memory of 1120	3304	msedge.exe	108
PID 3304 wrote to memory of 1120	3304	msedge.exe	108
PID 756 wrote to memory of 1012	756	msedge.exe	107
PID 756 wrote to memory of 1012	756	msedge.exe	107
PID 1564 wrote to memory of 1304	1564	msedge.exe	103
PID 1564 wrote to memory of 1304	1564	msedge.exe	103
PID 2064 wrote to memory of 2304	2064	msedge.exe	106
PID 2064 wrote to memory of 2304	2064	msedge.exe	106
PID 3044 wrote to memory of 3060	3044	msedge.exe	105
PID 3044 wrote to memory of 3060	3044	msedge.exe	105
PID 784 wrote to memory of 4732	784	msedge.exe	104
PID 784 wrote to memory of 4732	784	msedge.exe	104
PID 1220 wrote to memory of 3240	1220	1pB00Qs1.exe	112
PID 1220 wrote to memory of 3240	1220	1pB00Qs1.exe	112
PID 3240 wrote to memory of 2820	3240	msedge.exe	113
PID 3240 wrote to memory of 2820	3240	msedge.exe	113
PID 732 wrote to memory of 3296	732	pt4zE93.exe	114
PID 732 wrote to memory of 3296	732	pt4zE93.exe	114
PID 732 wrote to memory of 3296	732	pt4zE93.exe	114
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123
PID 784 wrote to memory of 5624	784	msedge.exe	123

C:\Users\Admin\AppData\Local\Temp\3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe
"C:\Users\Admin\AppData\Local\Temp\3d994ba324809b17b23cff6cf56859d1f0957aea29abbf920c6478c7c61a42c9.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yX5rM37.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yX5rM37.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lv6Iu60.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lv6Iu60.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:4636
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pt4zE93.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pt4zE93.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pB00Qs1.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pB00Qs1.exe
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1220
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:3060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,527660424217051093,14460874065159382584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,527660424217051093,14460874065159382584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
        7⤵
        
        PID:5168
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3704
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x8c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:3292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,5742109807920037900,7084082226651221886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,5742109807920037900,7084082226651221886,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        7⤵
        
        PID:6080
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1824
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:1420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,7490753881115390689,3267915658994577268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5876
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,7490753881115390689,3267915658994577268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
        7⤵
        
        PID:5864
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:1620
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,961760694821548353,1768393207147410279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6072
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,961760694821548353,1768393207147410279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        7⤵
        
        PID:6064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:4732
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
        7⤵
        
        PID:5912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5632
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        7⤵
        
        PID:5624
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        7⤵
        
        PID:5432
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
        7⤵
        
        PID:5492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
        7⤵
        
        PID:6720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
        7⤵
        
        PID:7476
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
        7⤵
        
        PID:7776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
        7⤵
        
        PID:7880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
        7⤵
        
        PID:8160
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
        7⤵
        
        PID:7488
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
        7⤵
        
        PID:5880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
        7⤵
        
        PID:1152
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
        7⤵
        
        PID:7252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
        7⤵
        
        PID:7676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
        7⤵
        
        PID:7756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9688 /prefetch:1
        7⤵
        
        PID:7232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
        7⤵
        
        PID:5968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
        7⤵
        
        PID:676
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
        7⤵
        
        PID:2864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
        7⤵
        
        PID:5320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
        7⤵
        
        PID:7020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,13441845526711737087,876782036813039808,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9108 /prefetch:1
        7⤵
        
        PID:7804
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x110,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:1120
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,4587288398154181373,9834345065870047451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4496
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,4587288398154181373,9834345065870047451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        7⤵
        
        PID:4416
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1564
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:1304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,428892931628721064,17280441483683911295,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7420
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:756
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:1012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,2335039461020509925,10441938784839423336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        7⤵
        
        PID:6464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,11725328214389522997,10023052652385478992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:684
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,11725328214389522997,10023052652385478992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        7⤵
        
        PID:4892
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3240
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
        7⤵
        
        PID:2820
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,6028944645072786758,17697992763497047924,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nw7616.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nw7616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:3296
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:7388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 540
        7⤵
        Program crash
        
        PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ir79Cd.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ir79Cd.exe
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      PID:8180
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Jf669Hs.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Jf669Hs.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:1548
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:1612
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:4436
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Eh1Pg8.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Eh1Pg8.exe
  2⤵
  - Executes dropped EXE
  PID:7484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 7388 -ip 7388
1⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\63C6.exe
C:\Users\Admin\AppData\Local\Temp\63C6.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:6232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff88d7446f8,0x7ff88d744708,0x7ff88d744718
    3⤵
    PID:2824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
    3⤵
    PID:6240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    PID:7724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
    3⤵
    PID:6440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
    3⤵
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    3⤵
    PID:1108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:8
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4698225157029073690,6965737620041672894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:8
    3⤵
    PID:6380

C:\Users\Admin\AppData\Local\Temp\8C5E.exe
C:\Users\Admin\AppData\Local\Temp\8C5E.exe
1⤵
- Executes dropped EXE
PID:2940
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  PID:5468
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    PID:3644
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:3180
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    PID:5252
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:6352
- C:\Users\Admin\AppData\Local\Temp\random.exe
  "C:\Users\Admin\AppData\Local\Temp\random.exe"
  2⤵
  PID:5244
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\random.exe" -Force
    3⤵
    PID:2256
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
    3⤵
    PID:1756
  - - C:\Users\Admin\Pictures\jL8kQC9CBdReW4cSv9Uf5vUL.exe
      "C:\Users\Admin\Pictures\jL8kQC9CBdReW4cSv9Uf5vUL.exe"
      4⤵
      PID:3812
  - - C:\Users\Admin\Pictures\4DGYrF8NiNEx0l1xbrJ2OKju.exe
      "C:\Users\Admin\Pictures\4DGYrF8NiNEx0l1xbrJ2OKju.exe"
      4⤵
      PID:3564
  - - C:\Users\Admin\Pictures\lXFNyFKsX1KGEAhBgt5UQMaE.exe
      "C:\Users\Admin\Pictures\lXFNyFKsX1KGEAhBgt5UQMaE.exe"
      4⤵
      PID:8068
  - - C:\Users\Admin\Pictures\84JgDtMmjqo5wYV4D4y15XeB.exe
      "C:\Users\Admin\Pictures\84JgDtMmjqo5wYV4D4y15XeB.exe"
      4⤵
      PID:6284
  - - C:\Users\Admin\Pictures\xgISp5fGtfoDbXHOXr6onITX.exe
      "C:\Users\Admin\Pictures\xgISp5fGtfoDbXHOXr6onITX.exe"
      4⤵
      PID:6280
  - - C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe
      "C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe" --silent --allusers=0
      4⤵
      PID:7564
    - - C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe
        
        C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2d0,0x2f4,0x2f8,0x2b4,0x2fc,0x6af25648,0x6af25658,0x6af25664
        5⤵
        
        PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\SVSgmnNaEITqDD7hJnXZvtY5.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\SVSgmnNaEITqDD7hJnXZvtY5.exe" --version
        5⤵
        
        PID:5208
    - - C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe
        
        "C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=7564 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231112170317" --session-guid=d1b959af-dbd4-415c-9e8f-ed18eab53192 --server-tracking-blob=MmFkMGJhMjk0ZDBiMGMzNmNhZTYwNGRiNjA3NDBhOTg3MDU2MmM5NGYwOGQyMzM1NmY0ODEzNTg2MWE0ODQ3ODp7ImNvdW50cnkiOiJOTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5OTgwODU5MS42NDE0IiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiI2NjAyZWNkOC04ZDk1LTQ3MTktYmViNi02M2Q5MWU4MjRmYjUifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=3405000000000000
        5⤵
        
        PID:6220
      - C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe
        
        C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2fc,0x300,0x304,0x2cc,0x308,0x6a005648,0x6a005658,0x6a005664
        6⤵
        
        PID:6496
  - - C:\Users\Admin\Pictures\olfc4blPaYAn8yiM5AAEb4NI.exe
      "C:\Users\Admin\Pictures\olfc4blPaYAn8yiM5AAEb4NI.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\Broom.exe
        
        C:\Users\Admin\AppData\Local\Temp\Broom.exe
        5⤵
        
        PID:4124
  - - C:\Users\Admin\Pictures\WeTJREWijKs2axb8FJKFebM3.exe
      "C:\Users\Admin\Pictures\WeTJREWijKs2axb8FJKFebM3.exe"
      4⤵
      PID:7208
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:4164

C:\Users\Admin\AppData\Local\Temp\9095.exe
C:\Users\Admin\AppData\Local\Temp\9095.exe
1⤵
- Executes dropped EXE
PID:8100
- C:\Users\Admin\AppData\Local\Temp\9095.exe
  C:\Users\Admin\AppData\Local\Temp\9095.exe
  2⤵
  PID:1332

C:\Users\Admin\AppData\Local\Temp\971E.exe
C:\Users\Admin\AppData\Local\Temp\971E.exe
1⤵
PID:5580
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\1AC6.exe
C:\Users\Admin\AppData\Local\Temp\1AC6.exe
1⤵
PID:3820

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:4156

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:2324
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:5628
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:7192
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:8092
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:5340
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:2132

C:\Users\Admin\AppData\Local\Temp\ADDF.exe
C:\Users\Admin\AppData\Local\Temp\ADDF.exe
1⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\C06E.exe
C:\Users\Admin\AppData\Local\Temp\C06E.exe
1⤵
PID:6376

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:1648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:7120

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:6400

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
1⤵
PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CBFBKFID

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\ProgramData\HCBAKJEH

Filesize
92KB

MD5
4bd8313fab1caf1004295d44aab77860

SHA1
0b84978fd191001c7cf461063ac63b243ffb7283

SHA256
604e2ecd34c77664dae4ceb0dab0b3e4bb6afb2778d3ed21f8d8791edd1408d9

SHA512
ca96d92a8abbd3a762e19f8e77514ee0018b7e5dc21493c37e83e22047b3cc892eced2fc80b78e6861bb972e20b93007eb46bcb7b562965be2bfa98a24c2ed65

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\99a8e5de-6140-497e-94cc-c55cf0080d02.tmp

Filesize
2KB

MD5
5c535c0d4b57cb6018b620b0efb0691f

SHA1
53af6e55313c545afc2c258b332f41c48752dc65

SHA256
c320f40c680552a603602fc9853e914e0f815c9c88f2e3e09d620b535e491e5e

SHA512
4d961f3eb8bb9cc9e89510adff6402f677f69024edac4b8be04afa238b46070ccbb80ba0454da20a76f6c2647ddbb9072710c7ef6cf8d84b1481fda6af83bc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f9bc20747520b37b3f22c169195824e

SHA1
de0472972d51b2d9419ff0d714706bef0c6f81d8

SHA256
a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0

SHA512
179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51c3743b948c0b72484e05a54c77f42c

SHA1
d7bd495de1be2f4fa5fedb7d01e3942803eb8389

SHA256
e95e64300e0d3a6145b818742c70d7198570aa1c3f64a70a67d1ee632656ae33

SHA512
c471f4dcd4399da2ec2da538dac8a8c7ac14aad8efa72b7505923f6f73c3c6f23f987a5cc2ccf8d232fecc3d38419d514679e22ca8ebb86017c2959aba882e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e1899ff3e5a7fe9c04f560c138ea5a4

SHA1
df193616767cb027d0cdf8271a0e4629d57fac29

SHA256
afcbecceec8e55661a7ed2feea52e6b6beb577f87754f7a3092eaffd3cc404a8

SHA512
d2211feccd3f2e0534db42cf57e6b47bbc3d9b1ba50136eb0092c872262e481936c470fc3be7b510d0c8babd61a3abe789e29507690c51b264b64cf816117a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f11ed0d284810ce9cb49a23e59b3213

SHA1
643ea06da69deefea859143c1f4a928e67ad22b8

SHA256
ed0ec2f79e74a1ab288e5070e29465c092fdf19f9ec7aa3c716426d4281dfae8

SHA512
c3fc1c6b5d28684e50acf4f2bab8fedfce81c874b0bb0eda895cd1503e05d01fa67545073f9ebf686c85d16b7ef3fc5358feec1d177f7ae188a5eaecac1c4758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c510ed351e738d78ab1ed6eecb26736a

SHA1
d9537c8f3df30bd814ddbe2268f072275d7704f3

SHA256
c1da401b874f6b0dec5f0a1db7bdc247ac3645e51ed718683054ca41d2022cd7

SHA512
5c137482962595e02a4cd6d99540c5ecaced2be1155cd8724e644fdd558290c1ccf07367a5123f3b8b5254f4c0b23f457ff9278e4d20f912c601a6bdb8d024bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3dfe42817ae0a72b388e475687dc2fd9

SHA1
c963f10fa35b9c0f1f5a836357cc2a36a1372ab9

SHA256
657e50c06a6d32fb2f959cb8e63481ec9a5454b9af4e1646790748786c429219

SHA512
ea12ff05a5a3681627a0a18bfbe47dd661912e21c42c81261aa587c3efb0e7e4a84e4ca560c7dfbcb07126cc2e317a1d765b3d376da001ab18109e4f05cb32d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddb18b8966f53a438b465e1dca32c1a3

SHA1
58fdc836be3e6ef2a6844fa46842ccdc47ef7148

SHA256
c32e61f658ef66c4cf7d6c9c2653b2cacde35b8e4f786d94431c89c0c12f3b50

SHA512
0af51ee3a7286218221f2d49cda942b1eda3cc7d17d2438a38066d11782e73f97e92da2bddabb6ffc758685840360746d1a9bd4327be67f82e60a73fc42eccc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e4869fbc5e16bde50b9d45eda5f47d9b

SHA1
69b44f9134ba0367ce9ff83b9abcfe275a6f718b

SHA256
b1d9684fc2dbaa3b7f17af14f4600bc1d6fd933b6e16e03837c0ca9b39c632cc

SHA512
f37262f604643f69590abf74e06e08253453f09e53f5c0630d7272a05c15a9dc6e3d6ae14151885f780089ae793ec77b3fa58ecc5ab1e5fbaa1b5271cc2a1159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4fed2c5c924f49032f96385edda35ba2

SHA1
6b4c13bb6f534aef5a417ffe1d2a4425f5e340a8

SHA256
00ee9bb10f52e948f935cc2dd8af48276498db17e099495a10cd1f8a2eb95afd

SHA512
c02992645a3321e82f2f6913a383bae9b3786f3f15b235ad8246a9db52894c28162d2d8e3462ee2d422f743067720cf1a9728653a0b42b03fcdc942b675b196f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
35304f0261c13ee070721a9253d8643a

SHA1
0e4ae1204722d39acdc44c8a26efdae5a6bae318

SHA256
1529f205dfe0c833d89a951ec4929a571bd6c87daeaafdc3c44500027116558b

SHA512
f7990621b7dafbbaeebcc1e5498be3931113ce7a1c04bf1ffa95d4c1ed95dcecef9856b94134a89b87ae711a2867332572ed5cb5d43e86b4160e4ad448d7a958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9823868da060fa272f0aa3222e7e7c8c

SHA1
51a2f1c351c09b443027ce1dc317d5c4284ea6f3

SHA256
fa1eb96525c46ff14ed8c85cb0772af9702649cc0f1205954e89206da2b8178e

SHA512
49627fdd0b3e1927a68fd857213d6d8a8b1a268b82607c88272688c83080d1dd4f267d8a4c5bf07fb861bb45dcc8f35858414d63350d318c46af90c89b838b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5857a1.TMP

Filesize
1KB

MD5
4a6c535a4e25413d65297167ac06b005

SHA1
295ef2480042882b4c68b668a668e7f3330e8aa6

SHA256
04ffc277084fe5367af16131845c96a825e4f132ecad620882c23ea5e1f6f777

SHA512
682bb6cd5ac5cb5a57c6b625f0b0ff91ed8e202ba7d79551b9d30f5d97316194b0577d28e1cd1f97aa17e3b374b4b518d943377376984b96089b72d188602aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5c535c0d4b57cb6018b620b0efb0691f

SHA1
53af6e55313c545afc2c258b332f41c48752dc65

SHA256
c320f40c680552a603602fc9853e914e0f815c9c88f2e3e09d620b535e491e5e

SHA512
4d961f3eb8bb9cc9e89510adff6402f677f69024edac4b8be04afa238b46070ccbb80ba0454da20a76f6c2647ddbb9072710c7ef6cf8d84b1481fda6af83bc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f4ac1307ab5df2afe848632a433af59e

SHA1
faa43bc73f7ae224613d228711f0158b04292d8e

SHA256
a16710c27f1854448360cfa612fb55c171d7cdd29d63c02b4ad80f537c416b35

SHA512
c2adcb695a8b9e8cb142721b9681fe23f09f52b711c19b58557e96f06953d94cbc603486c7525936faaa1f198a1650979d48e288cf247743deb6e97952701e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f4ac1307ab5df2afe848632a433af59e

SHA1
faa43bc73f7ae224613d228711f0158b04292d8e

SHA256
a16710c27f1854448360cfa612fb55c171d7cdd29d63c02b4ad80f537c416b35

SHA512
c2adcb695a8b9e8cb142721b9681fe23f09f52b711c19b58557e96f06953d94cbc603486c7525936faaa1f198a1650979d48e288cf247743deb6e97952701e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d63c1e241ac6a55333ffa9cc04d008ff

SHA1
23af387bff9f24c09c25e535f96d110d248f420d

SHA256
3bbca15f81a21a10b17e7f1ebc3c7168e782afb3e906a0c305ad8b88ceece81e

SHA512
57319b9a64183dd3866fdad1e2ea3f3860e48d190bcf3c74449672b56c9f4652b78682ee1bb787e3ef3357a2261675c41d61b03f39f30f54df863b09bcd650b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
d63c1e241ac6a55333ffa9cc04d008ff

SHA1
23af387bff9f24c09c25e535f96d110d248f420d

SHA256
3bbca15f81a21a10b17e7f1ebc3c7168e782afb3e906a0c305ad8b88ceece81e

SHA512
57319b9a64183dd3866fdad1e2ea3f3860e48d190bcf3c74449672b56c9f4652b78682ee1bb787e3ef3357a2261675c41d61b03f39f30f54df863b09bcd650b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0c63c1a87cb3346d4c09f59c214cf491

SHA1
5f7f8d85498bc4c9c5ab7efe1815e4deee78dc5a

SHA256
e575876b624fb96020e220ed955e17026aab64a93bd224201ca48c025704a9ad

SHA512
a75ee0b3f6345fb3f574a8ce6e239e48cf0463a3d273da088742a01c7f1cbc86b6e4e8a20b91c81ccba6c387577b64d9a99af5d8a4c7568f0d2f1666dff567a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0c63c1a87cb3346d4c09f59c214cf491

SHA1
5f7f8d85498bc4c9c5ab7efe1815e4deee78dc5a

SHA256
e575876b624fb96020e220ed955e17026aab64a93bd224201ca48c025704a9ad

SHA512
a75ee0b3f6345fb3f574a8ce6e239e48cf0463a3d273da088742a01c7f1cbc86b6e4e8a20b91c81ccba6c387577b64d9a99af5d8a4c7568f0d2f1666dff567a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
66b5db4b47c738d9ec8e8ceabe7c8de4

SHA1
69d4b1d91c128a24cad581a489cf889c615a844c

SHA256
bb5f07134c0a3dd0138ab908973db45076b35359a393fc5997b774c846173efa

SHA512
3fd7bdba7c676cbf7aaa8f12b93046083f6a530514ce13ed2047051addcbc69961cb03e33cff7d73add5de9148a9731a635c4b1c7d9c8f89b96144c75570babb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
66b5db4b47c738d9ec8e8ceabe7c8de4

SHA1
69d4b1d91c128a24cad581a489cf889c615a844c

SHA256
bb5f07134c0a3dd0138ab908973db45076b35359a393fc5997b774c846173efa

SHA512
3fd7bdba7c676cbf7aaa8f12b93046083f6a530514ce13ed2047051addcbc69961cb03e33cff7d73add5de9148a9731a635c4b1c7d9c8f89b96144c75570babb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
cd5d65de7247ce65bfe877751b68516e

SHA1
3d2994e4fa32d1509bff8c1ca0062f7691290488

SHA256
e5e0d781f6872ce01b71eea613cd7145355d9f14b21280845a52b703d9917a83

SHA512
79352a84b91ba5817957e55f816c19e06fbba98f23711745df1f1b7b6f074f3ddb4704902e166f90f9b62e61bb95a03f7f75cd79346fe947de23c13dc963a10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
cd5d65de7247ce65bfe877751b68516e

SHA1
3d2994e4fa32d1509bff8c1ca0062f7691290488

SHA256
e5e0d781f6872ce01b71eea613cd7145355d9f14b21280845a52b703d9917a83

SHA512
79352a84b91ba5817957e55f816c19e06fbba98f23711745df1f1b7b6f074f3ddb4704902e166f90f9b62e61bb95a03f7f75cd79346fe947de23c13dc963a10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0725217d9dc9dc383be1b50091197a52

SHA1
9c14513a3df0d00ef8ce79af0da25b4935ae311c

SHA256
eac9f4d3c4081c7d99233476d2081c89df4f4b38d5067dc62d5ca5a2fec66ce9

SHA512
7fc83dff1b329b53fd9b9b96e5a6a927c11b109b2a90b46c6d2a99bb935c141bd47c800cea7abaa5d9c51887449801fd601fbef9a8b6ea967fd2daa34ecb6bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0725217d9dc9dc383be1b50091197a52

SHA1
9c14513a3df0d00ef8ce79af0da25b4935ae311c

SHA256
eac9f4d3c4081c7d99233476d2081c89df4f4b38d5067dc62d5ca5a2fec66ce9

SHA512
7fc83dff1b329b53fd9b9b96e5a6a927c11b109b2a90b46c6d2a99bb935c141bd47c800cea7abaa5d9c51887449801fd601fbef9a8b6ea967fd2daa34ecb6bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
80063d0456c07308d7a8828d58f89fc3

SHA1
aea92181b07fb297bcf4ffdfe26ab8b5c91b249f

SHA256
c9d83eb62654589edcf9e6d17126de5d9bb95b5e275bf6b7bb1ce9d01e87ce69

SHA512
f3a310101fb6cbbe40a6d6308f64d69a0d18a5ff813cc260967e6defbf647812e40f4476b1b0f5b8b3da87ab0246400a6322a904c04c39456e24c4b214aa823a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5d0cee76f1b295142eee34149d7cd428

SHA1
cce6421b9606515cf330ce7916fc894632aa8d62

SHA256
1d440aa59a25e492c543ec3997f83e8b6b545cb2412fa589ce71a22d34ba55d2

SHA512
da826eac956307514f3ca28cbd4cdca0575590f92882d137ddc873347e9907fe2e13090b1ce755ef75f2876302ce3f1e4f9a85a77bdc05aa7c1372f9c32d35bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9646be0cb22f0fd1d05c678618bf157

SHA1
c33e0fec83d0c8113af4c196abf3c6e1a9f8aece

SHA256
6ace6cfe0c268ee3152c5ce80c5902d5993debb9d5153aa210f9ed5ba9b5b705

SHA512
d68cb0c05cef72771c5af4542ab310b13f56c8a256e61a64f2c943733399cccd14671bfd001e1823a8d9d3f0910f487dc637f338bd62905c6928026889b26cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4168f3f71411fac3a4c1dfed25f0eb65

SHA1
bbcc16903349d37873ed0ad14df7ca5801a0ee36

SHA256
a38c2c2796753925f11d1d61c59a0e2e3a271904a25796074dc5687cac27a309

SHA512
ed18e577482c3b5105112e25983bab6374afa5ca11b126e05d4a8ff2d7546442b24eada028429b701f9c75a8b54605c013e163f950522cc878dacbdd0dad16c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4168f3f71411fac3a4c1dfed25f0eb65

SHA1
bbcc16903349d37873ed0ad14df7ca5801a0ee36

SHA256
a38c2c2796753925f11d1d61c59a0e2e3a271904a25796074dc5687cac27a309

SHA512
ed18e577482c3b5105112e25983bab6374afa5ca11b126e05d4a8ff2d7546442b24eada028429b701f9c75a8b54605c013e163f950522cc878dacbdd0dad16c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
cd5d65de7247ce65bfe877751b68516e

SHA1
3d2994e4fa32d1509bff8c1ca0062f7691290488

SHA256
e5e0d781f6872ce01b71eea613cd7145355d9f14b21280845a52b703d9917a83

SHA512
79352a84b91ba5817957e55f816c19e06fbba98f23711745df1f1b7b6f074f3ddb4704902e166f90f9b62e61bb95a03f7f75cd79346fe947de23c13dc963a10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1eaa168b3e00fcb82f66ce7653136b6c

SHA1
dc81ad121b6d9c11ff55f390d72367c84302b5f1

SHA256
769af11152d21c53346c3add0f4e9f32d3a54be493f1cdae571c16d02cb7b988

SHA512
51f0f6531b5179fc62437c53b42568efd25f409eeff33d34e90549f1697782f5826f9d46dea3103ecf41467a33cfe412c8b2672dbd5a966ae0eda487b302b391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1eaa168b3e00fcb82f66ce7653136b6c

SHA1
dc81ad121b6d9c11ff55f390d72367c84302b5f1

SHA256
769af11152d21c53346c3add0f4e9f32d3a54be493f1cdae571c16d02cb7b988

SHA512
51f0f6531b5179fc62437c53b42568efd25f409eeff33d34e90549f1697782f5826f9d46dea3103ecf41467a33cfe412c8b2672dbd5a966ae0eda487b302b391

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121703171\opera_package

Filesize
6.6MB

MD5
2bdc2c215e626d013c091d75ae2e8b8e

SHA1
d3ca5162dfc4b61157a560a71310c9bcd7d7c4fb

SHA256
14349b7b8041450632295f09f62b1917a00cc92c37d20f1fbd9afba984463643

SHA512
34deacfe5afa33a745be5559f7e7f5690402fdaa58b0de8f5a2f866aaa8b7dd60067a03a84e2426752f4c4164ddd6446c77c9ad981b33a38761d30821e721f11

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
df8a130ef93c8922c459371bcd31d9c7

SHA1
7b4bdfdabb5ff08de0f83ed6858c57ba18f0d393

SHA256
0a394d266e36ef9b75ae2c390a7b68fa50e5188b8338217cf68deda683c84d40

SHA512
364f4c1cb242115266eea05a05bdc1068a6ce7778ae01f84dc3e570acbf5cda134f15e0addd2c7818fba326708b30362f29279e0ce96db51a8db73729f4af99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yX5rM37.exe

Filesize
1005KB

MD5
51c0a1422488def5b51332ef43135c8e

SHA1
e4c54085d9d25d4bd37a2cf84ec5dd3548575eb9

SHA256
764f044a169a1bd75cf4aa9c9deeaab9d050889d55b9dc023bbd57edc9a57979

SHA512
59ce6b5ac8b94a581ada459901aca75facdb1f397b6db9049d15a539b82b6f733261e82854e8654de03f3fd161129159deede503c23d738ecbc3f43e5d2ce60f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\yX5rM37.exe

Filesize
1005KB

MD5
51c0a1422488def5b51332ef43135c8e

SHA1
e4c54085d9d25d4bd37a2cf84ec5dd3548575eb9

SHA256
764f044a169a1bd75cf4aa9c9deeaab9d050889d55b9dc023bbd57edc9a57979

SHA512
59ce6b5ac8b94a581ada459901aca75facdb1f397b6db9049d15a539b82b6f733261e82854e8654de03f3fd161129159deede503c23d738ecbc3f43e5d2ce60f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lv6Iu60.exe

Filesize
783KB

MD5
0b01e05a9f754c82fae956bcb42c67c0

SHA1
1259e0722163785e40507cf2887ac374575d73ac

SHA256
0335e4c1fb9a9d179f9837a1b8c08758d2fde75b672613bae0da6f509d460cec

SHA512
e8f2f7b5617c97dee5e10d0ab3b31626d8b171b95e20463e10f5ded722ffd00fef20f987a492cebcda518297a36bfe5ca26e7301e4a1786b821ab11f524bca87

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Lv6Iu60.exe

Filesize
783KB

MD5
0b01e05a9f754c82fae956bcb42c67c0

SHA1
1259e0722163785e40507cf2887ac374575d73ac

SHA256
0335e4c1fb9a9d179f9837a1b8c08758d2fde75b672613bae0da6f509d460cec

SHA512
e8f2f7b5617c97dee5e10d0ab3b31626d8b171b95e20463e10f5ded722ffd00fef20f987a492cebcda518297a36bfe5ca26e7301e4a1786b821ab11f524bca87

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pt4zE93.exe

Filesize
658KB

MD5
196e538baa11bcd6a0b3d6ed87332cf1

SHA1
24c03f28637430cb4fc43ddba47db3615e943326

SHA256
5da5cad9a7899ec6a791aa3ea356831545c02d5eaa5bb1c18a4bab466018bf8b

SHA512
00cc3b336e84060580c1c290e614e107392f19790bb29734fd62f2bea472070f876e860c768c93d7aebc2ede79c8114545681550ff4b172e295cdd558e58b930

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pt4zE93.exe

Filesize
658KB

MD5
196e538baa11bcd6a0b3d6ed87332cf1

SHA1
24c03f28637430cb4fc43ddba47db3615e943326

SHA256
5da5cad9a7899ec6a791aa3ea356831545c02d5eaa5bb1c18a4bab466018bf8b

SHA512
00cc3b336e84060580c1c290e614e107392f19790bb29734fd62f2bea472070f876e860c768c93d7aebc2ede79c8114545681550ff4b172e295cdd558e58b930

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pB00Qs1.exe

Filesize
895KB

MD5
ef246533df713f6f19a385022c6c2fa9

SHA1
86d8298361b157ecbfdce4a9a502f7513c9312e7

SHA256
d7cd426627a96392049a29295d24013bed0c57647d30c865472a8c2f1da55b81

SHA512
1c2e47f6079a7af9efd4be90b9ebb8d1457072e8743212148443506e39dcf68428663b721c17e0c4795a10c7f0a8e03cb783f7bac28d77618e620fef285bc907

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1pB00Qs1.exe

Filesize
895KB

MD5
ef246533df713f6f19a385022c6c2fa9

SHA1
86d8298361b157ecbfdce4a9a502f7513c9312e7

SHA256
d7cd426627a96392049a29295d24013bed0c57647d30c865472a8c2f1da55b81

SHA512
1c2e47f6079a7af9efd4be90b9ebb8d1457072e8743212148443506e39dcf68428663b721c17e0c4795a10c7f0a8e03cb783f7bac28d77618e620fef285bc907

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nw7616.exe

Filesize
283KB

MD5
f00ddc3bd4ea0666be8f6ebeb41124c7

SHA1
8d2a6d7798414bf9fc54c297f043b62846f0fc55

SHA256
07942c9e5b4aeb39d2cd8c509a9845fe6c70b61d925fe99a84f6274a886b1c2b

SHA512
31837c79ce3e9544478393d966fdf6ed6842a37f2a9909ebe8843eb3d5ffa6a139955f3d3dbd8ae537b451b9df77a0de0954ff257b8bcc92dd0cfb172479ac88

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2nw7616.exe

Filesize
283KB

MD5
f00ddc3bd4ea0666be8f6ebeb41124c7

SHA1
8d2a6d7798414bf9fc54c297f043b62846f0fc55

SHA256
07942c9e5b4aeb39d2cd8c509a9845fe6c70b61d925fe99a84f6274a886b1c2b

SHA512
31837c79ce3e9544478393d966fdf6ed6842a37f2a9909ebe8843eb3d5ffa6a139955f3d3dbd8ae537b451b9df77a0de0954ff257b8bcc92dd0cfb172479ac88

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311121703153705208.dll

Filesize
4.6MB

MD5
0d2cf5e6c13d156467618f37174dd4b5

SHA1
a324c41cbbf96e458072f337a2ef2a61db463d60

SHA256
1845335f4172bd93f2011ff12da6f3d2f99d33740cc1f3ab2201b8205cb773b6

SHA512
f2af281d0702aab8984de88376986f09efc1f4c891353bc6bd4f2c40576ae33858912261502c78b5e0fa92f255a992d4532cf9a9e76a53b46ea263a6b60e2cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3xinhrhd.w52.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\random.exe

Filesize
141KB

MD5
326781a332c7040492dc96b13fb126e5

SHA1
d03d8e89a6c75a14f512eeabf180a2f69d30e884

SHA256
0f09f8f60741e8b3c28dc927ff1b3318d8faa623d641704b605bc38142f54f28

SHA512
e701babafad09f1115511949f3061275bc6fbc54756d40f038aa9be708ff06736413367395bff7e157035aa9260ada439ad9a8d4c2c48c14de94c42f6ec0c2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
221KB

MD5
82cd8d85dc427bfd991758f573525d23

SHA1
8a9f53dced366c5afb0e2a26186059fc34f9423d

SHA256
728a6f117ca91dfa121d74832b9eac2b995ec9887700c7832603730e0300bf4b

SHA512
422ecd38f2d744138dbc9994756407c4bccb9d539cda18bcf873824d1658c9fd264f31af356e171ff728e98d1a90e88af776b238b8fb7d4b4102ff9a8cc10e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
9708f6a282f1eb920de5388e9fed0ed2

SHA1
0017c5636472704e948ba4d66b3ab3a111611908

SHA256
87383ade74c969c066086572f15ef5aafb9bacd7580e9d524b7a64f50b829736

SHA512
6118b7bdda0287db26879b165d32e0c727b8ff7c69dd8ddea8b52838104a91ceac5537e56ca7ae2318645ed34f23f42127f86fb0c1ff998eca650b0808d880d7

Download Submit
C:\Users\Admin\Pictures\4DGYrF8NiNEx0l1xbrJ2OKju.exe

Filesize
145KB

MD5
90dd1720cb5f0a539358d8895d3fd27a

SHA1
c1375d0b31adc36f91feb45df705c7e662c95d7d

SHA256
e69a88b0f9ec61f4acf22f9a3d96f60eb3a04db58a74eb4315700ac465de9e01

SHA512
c6e3f1e03f93f6aaa1b93bca21f3a93d6539ede45b06869d3a1daf983d5f1c68bc7e8895126b3d02d4b85854ac3991ecada77ddff2cbdc81c1e93f1f12c4ada1

Download Submit
C:\Users\Admin\Pictures\Itdlhi3AkAZpetcMwaNokwZE.exe

Filesize
7KB

MD5
fcad815e470706329e4e327194acc07c

SHA1
c4edd81d00318734028d73be94bc3904373018a9

SHA256
280d939a66a0107297091b3b6f86d6529ef6fac222a85dbc82822c3d5dc372b8

SHA512
f4031b49946da7c6c270e0354ac845b5c77b9dfcd267442e0571dd33ccd5146bc352ed42b59800c9d166c8c1ede61469a00a4e8d3738d937502584e8a1b72485

Download Submit
C:\Users\Admin\Pictures\SVSgmnNaEITqDD7hJnXZvtY5.exe

Filesize
2.8MB

MD5
3997830dc4cd2857776a16874250a504

SHA1
c5d886cc04b9bdbbe90de73cd8570db4cc650cd9

SHA256
88ef0dda00136c2bca7b43899a6c4256a94d78cd6eeb1a9d2185ebf3cc6dbb5a

SHA512
55f4d4d872d78dde0587af5775c1a76c28babe4b355589e59d1d9d9e4120926d80e291a35802e449f5f64158e28a7a2b51ffb2ff4e5d50e8672ad78bc8f48a75

Download Submit
C:\Users\Admin\Pictures\WeTJREWijKs2axb8FJKFebM3.exe

Filesize
4.8MB

MD5
ff6c6212c086b2ea7bb1537a6e9b0abb

SHA1
f058d292f83c16450af74d870056cb742d23b3a3

SHA256
1abe626a7cbd4639f1ba56a6c4dab7f2dd9ad08396eb80ee4a21b0f7ef69d875

SHA512
3b495b12a67cc1cfb73a195ffe62bcccd3d8cf7a8abe556f493d74c835e453b8ad80529b4a24150b25c0eee2807d5fc9e0d43f572869a926435017311cdd97d5

Download Submit
C:\Users\Admin\Pictures\jL8kQC9CBdReW4cSv9Uf5vUL.exe

Filesize
221KB

MD5
4ea71b88c6102990496206084fe59321

SHA1
32e2ccdb47350a561353fe2393f34839e3eef887

SHA256
f3a9883557b07a8bbe3ad42bf14420eb6a719c7e331c5611fe532edee2642cb6

SHA512
b7eb56da2f7ccbd70c7ec1064530e61419bb7b33eae1a74ae620caa4f58be562ee9f8edf07248d45165234fd42dba63d9b6d5d616b3815db7ef170c5b466cf39

Download Submit
C:\Users\Admin\Pictures\lXFNyFKsX1KGEAhBgt5UQMaE.exe

Filesize
4.1MB

MD5
602e4bebe26d1b080df923f45f163ffe

SHA1
4fa08acb2989d15809b0fd190becc73de6e2de62

SHA256
4dba6922dc7add11d93906d82da4663e12768d40180383790fc0586ef3cc9528

SHA512
3b40cbb612f13d36f435f8280b03e4d8db75daec0838e5a5cdf8a944a59f0f4133efdf7da67ef0ae5c7091f19cc269a0d2b7cf978df1567670eac4840d5879c3

Download Submit
C:\Users\Admin\Pictures\xgISp5fGtfoDbXHOXr6onITX.exe

Filesize
3.1MB

MD5
823b5fcdef282c5318b670008b9e6922

SHA1
d20cd5321d8a3d423af4c6dabc0ac905796bdc6d

SHA256
712f5bb403ca4ade2d3fa47b050aac51a9f573142fd8ba8bf18f5f8144214d8d

SHA512
4377d06a71291be3e52c28a2ada0b89ff185a8887c4a75972cdc5e85d95da6538d1776bc49fb190c67b8e6497225f1d63b86793f4095c8fb990a5f6659216472

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
memory/1332-771-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-781-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-805-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-803-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-799-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-797-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-795-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-793-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-791-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-789-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-787-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-785-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-783-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-779-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-777-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-775-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-773-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-769-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-714-0x0000021B7BD80000-0x0000021B7BE64000-memory.dmp

Filesize
912KB

Download
memory/1332-765-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-733-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-726-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-727-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-750-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-725-0x00007FF889B00000-0x00007FF88A5C1000-memory.dmp

Filesize
10.8MB

Download
memory/1332-757-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-711-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1332-761-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/1332-742-0x0000021B7BD80000-0x0000021B7BE60000-memory.dmp

Filesize
896KB

Download
memory/2940-758-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/2940-665-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/2940-667-0x0000000000BA0000-0x0000000001848000-memory.dmp

Filesize
12.7MB

Download
memory/3180-825-0x0000000000650000-0x0000000000659000-memory.dmp

Filesize
36KB

Download
memory/3180-823-0x00000000006B0000-0x00000000007B0000-memory.dmp

Filesize
1024KB

Download
memory/3476-389-0x0000000002B60000-0x0000000002B76000-memory.dmp

Filesize
88KB

Download
memory/3644-729-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/4436-663-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4436-871-0x0000000007E70000-0x0000000007E80000-memory.dmp

Filesize
64KB

Download
memory/4436-668-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/4436-760-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/4436-669-0x0000000007E70000-0x0000000007E80000-memory.dmp

Filesize
64KB

Download
memory/5204-627-0x0000000007760000-0x0000000007772000-memory.dmp

Filesize
72KB

Download
memory/5204-611-0x0000000006F70000-0x0000000007514000-memory.dmp

Filesize
5.6MB

Download
memory/5204-646-0x0000000009300000-0x000000000931E000-memory.dmp

Filesize
120KB

Download
memory/5204-633-0x0000000008100000-0x0000000008166000-memory.dmp

Filesize
408KB

Download
memory/5204-644-0x0000000008AF0000-0x0000000008CB2000-memory.dmp

Filesize
1.8MB

Download
memory/5204-610-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/5204-656-0x00000000044E0000-0x0000000004530000-memory.dmp

Filesize
320KB

Download
memory/5204-645-0x0000000008CD0000-0x00000000091FC000-memory.dmp

Filesize
5.2MB

Download
memory/5204-606-0x0000000000580000-0x00000000005DA000-memory.dmp

Filesize
360KB

Download
memory/5204-643-0x0000000008A20000-0x0000000008A96000-memory.dmp

Filesize
472KB

Download
memory/5204-612-0x0000000004A40000-0x0000000004AD2000-memory.dmp

Filesize
584KB

Download
memory/5204-613-0x0000000007650000-0x0000000007660000-memory.dmp

Filesize
64KB

Download
memory/5204-614-0x0000000007590000-0x000000000759A000-memory.dmp

Filesize
40KB

Download
memory/5204-632-0x0000000007910000-0x000000000795C000-memory.dmp

Filesize
304KB

Download
memory/5204-626-0x0000000007AE0000-0x00000000080F8000-memory.dmp

Filesize
6.1MB

Download
memory/5204-743-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/5204-628-0x0000000007780000-0x000000000788A000-memory.dmp

Filesize
1.0MB

Download
memory/5204-631-0x0000000007890000-0x00000000078CC000-memory.dmp

Filesize
240KB

Download
memory/5204-605-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/5204-756-0x0000000007650000-0x0000000007660000-memory.dmp

Filesize
64KB

Download
memory/5244-764-0x0000000005660000-0x000000000567C000-memory.dmp

Filesize
112KB

Download
memory/5244-745-0x0000000000E10000-0x0000000000E3A000-memory.dmp

Filesize
168KB

Download
memory/5244-854-0x00000000057C0000-0x00000000057DA000-memory.dmp

Filesize
104KB

Download
memory/5244-751-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/5252-932-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5252-833-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/5580-704-0x00000000008E0000-0x0000000000CD8000-memory.dmp

Filesize
4.0MB

Download
memory/5580-832-0x00000000060C0000-0x000000000626A000-memory.dmp

Filesize
1.7MB

Download
memory/5580-869-0x0000000006270000-0x0000000006402000-memory.dmp

Filesize
1.6MB

Download
memory/5580-713-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/5580-710-0x0000000005830000-0x00000000058CC000-memory.dmp

Filesize
624KB

Download
memory/5580-886-0x0000000005AA0000-0x0000000005AB0000-memory.dmp

Filesize
64KB

Download
memory/5580-889-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/5580-893-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/5580-895-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/5580-701-0x0000000073DF0000-0x00000000745A0000-memory.dmp

Filesize
7.7MB

Download
memory/5580-922-0x0000000006A00000-0x0000000006B00000-memory.dmp

Filesize
1024KB

Download
memory/5580-927-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/5580-934-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/6352-827-0x0000000002A00000-0x0000000002DFC000-memory.dmp

Filesize
4.0MB

Download
memory/6352-877-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/6352-830-0x0000000002E00000-0x00000000036EB000-memory.dmp

Filesize
8.9MB

Download
memory/7388-384-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7388-382-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7388-383-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7388-386-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8100-676-0x000001FC5B460000-0x000001FC5B470000-memory.dmp

Filesize
64KB

Download
memory/8100-692-0x000001FC5B3D0000-0x000001FC5B41C000-memory.dmp

Filesize
304KB

Download
memory/8100-723-0x00007FF889B00000-0x00007FF88A5C1000-memory.dmp

Filesize
10.8MB

Download
memory/8100-686-0x000001FC5B720000-0x000001FC5B7E8000-memory.dmp

Filesize
800KB

Download
memory/8100-684-0x000001FC5B550000-0x000001FC5B618000-memory.dmp

Filesize
800KB

Download
memory/8100-681-0x000001FC5B470000-0x000001FC5B550000-memory.dmp

Filesize
896KB

Download
memory/8100-675-0x000001FC5B270000-0x000001FC5B356000-memory.dmp

Filesize
920KB

Download
memory/8100-674-0x00007FF889B00000-0x00007FF88A5C1000-memory.dmp

Filesize
10.8MB

Download
memory/8100-673-0x000001FC40D30000-0x000001FC40E90000-memory.dmp

Filesize
1.4MB

Download
memory/8180-424-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/8180-388-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download