mystic | 4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a

Analysis

max time kernel
34s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe
Size

1.4MB
MD5

ebba8ba3fb8256db5d59de59b4501eb0
SHA1

98b7eede10a6aef536959903b8d5eb106f13db3d
SHA256

4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a
SHA512

68f0b250514febe22f8dd5008c897f322f59c8f8e1983372e10c231059c5ffd58f53ebc70f8787390770ff0f485dabed119e9239696109dfe342e94d5b778034
SSDEEP

24576:Cyf+6gU2XBwtGbolis2reEIsuw3GYZsDM8cYSzIRNibajTZSN9vYDNe6Rwzk4ps:pfpj2xOwQDgejLkGBBcFHGHZSwRe6RwR

Score

10^/10

mystic redline smokeloader zgrat taiga backdoor paypal infostealer persistence phishing rat stealer themida trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/8140-407-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8140-409-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8140-408-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8140-412-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 26 IoCs

resource	yara_rule
behavioral1/memory/264-846-0x000002204EC90000-0x000002204ED74000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-881-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-880-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-883-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-888-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-890-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-892-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-895-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-898-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-901-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-910-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-931-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-934-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-938-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-941-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-943-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-945-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-916-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-947-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-913-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-949-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-951-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-906-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-962-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-970-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1
behavioral1/memory/264-987-0x000002204EC90000-0x000002204ED70000-memory.dmp	family_zgrat_v1

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/7512-645-0x0000000000400000-0x000000000046F000-memory.dmp	family_redline
behavioral1/memory/7512-646-0x0000000000540000-0x000000000059A000-memory.dmp	family_redline
behavioral1/memory/6364-668-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
1368	qo8CU41.exe
2316	Ym3ld88.exe
4468	sy2Nd57.exe
2836	1yU41TX6.exe
5300	2SM8379.exe
8164	7Zv68Ud.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000022e0b-1191.dat	themida

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000022de3-1084.dat	upx
behavioral1/memory/3616-1112-0x0000000000410000-0x0000000000939000-memory.dmp	upx
behavioral1/memory/5576-1145-0x0000000000410000-0x0000000000939000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	Ym3ld88.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	sy2Nd57.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	qo8CU41.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022ce7-26.dat	autoit_exe
behavioral1/files/0x0007000000022ce7-27.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 5300 set thread context of 8140	5300	2SM8379.exe	172

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7096	8140	WerFault.exe	172

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Zv68Ud.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Zv68Ud.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Zv68Ud.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
1464	msedge.exe
1464	msedge.exe
4360	msedge.exe
4360	msedge.exe
1440	msedge.exe
1440	msedge.exe
5540	msedge.exe
5540	msedge.exe
4080	msedge.exe
4080	msedge.exe
6404	msedge.exe
6404	msedge.exe
2236	msedge.exe
2236	msedge.exe
4284	msedge.exe
4284	msedge.exe
7124	msedge.exe
7124	msedge.exe
7828	msedge.exe
7828	msedge.exe
8384	identity_helper.exe
8384	identity_helper.exe
8164	7Zv68Ud.exe
8164	7Zv68Ud.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
2836	1yU41TX6.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 1368	4528	4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe	89
PID 4528 wrote to memory of 1368	4528	4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe	89
PID 4528 wrote to memory of 1368	4528	4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe	89
PID 1368 wrote to memory of 2316	1368	qo8CU41.exe	92
PID 1368 wrote to memory of 2316	1368	qo8CU41.exe	92
PID 1368 wrote to memory of 2316	1368	qo8CU41.exe	92
PID 2316 wrote to memory of 4468	2316	Ym3ld88.exe	93
PID 2316 wrote to memory of 4468	2316	Ym3ld88.exe	93
PID 2316 wrote to memory of 4468	2316	Ym3ld88.exe	93
PID 4468 wrote to memory of 2836	4468	sy2Nd57.exe	94
PID 4468 wrote to memory of 2836	4468	sy2Nd57.exe	94
PID 4468 wrote to memory of 2836	4468	sy2Nd57.exe	94
PID 2836 wrote to memory of 4320	2836	1yU41TX6.exe	98
PID 2836 wrote to memory of 4320	2836	1yU41TX6.exe	98
PID 4320 wrote to memory of 3440	4320	msedge.exe	100
PID 4320 wrote to memory of 3440	4320	msedge.exe	100
PID 2836 wrote to memory of 3296	2836	1yU41TX6.exe	101
PID 2836 wrote to memory of 3296	2836	1yU41TX6.exe	101
PID 3296 wrote to memory of 1652	3296	msedge.exe	102
PID 3296 wrote to memory of 1652	3296	msedge.exe	102
PID 2836 wrote to memory of 4284	2836	1yU41TX6.exe	103
PID 2836 wrote to memory of 4284	2836	1yU41TX6.exe	103
PID 4284 wrote to memory of 1272	4284	msedge.exe	104
PID 4284 wrote to memory of 1272	4284	msedge.exe	104
PID 2836 wrote to memory of 3764	2836	1yU41TX6.exe	105
PID 2836 wrote to memory of 3764	2836	1yU41TX6.exe	105
PID 3764 wrote to memory of 4420	3764	msedge.exe	106
PID 3764 wrote to memory of 4420	3764	msedge.exe	106
PID 2836 wrote to memory of 2252	2836	1yU41TX6.exe	107
PID 2836 wrote to memory of 2252	2836	1yU41TX6.exe	107
PID 2252 wrote to memory of 448	2252	msedge.exe	108
PID 2252 wrote to memory of 448	2252	msedge.exe	108
PID 2836 wrote to memory of 4972	2836	1yU41TX6.exe	109
PID 2836 wrote to memory of 4972	2836	1yU41TX6.exe	109
PID 4972 wrote to memory of 1004	4972	msedge.exe	110
PID 4972 wrote to memory of 1004	4972	msedge.exe	110
PID 2836 wrote to memory of 3628	2836	1yU41TX6.exe	111
PID 2836 wrote to memory of 3628	2836	1yU41TX6.exe	111
PID 3628 wrote to memory of 4736	3628	msedge.exe	112
PID 3628 wrote to memory of 4736	3628	msedge.exe	112
PID 2836 wrote to memory of 752	2836	1yU41TX6.exe	113
PID 2836 wrote to memory of 752	2836	1yU41TX6.exe	113
PID 752 wrote to memory of 3840	752	msedge.exe	114
PID 752 wrote to memory of 3840	752	msedge.exe	114
PID 2836 wrote to memory of 1144	2836	1yU41TX6.exe	115
PID 2836 wrote to memory of 1144	2836	1yU41TX6.exe	115
PID 1144 wrote to memory of 3816	1144	msedge.exe	116
PID 1144 wrote to memory of 3816	1144	msedge.exe	116
PID 2836 wrote to memory of 5204	2836	1yU41TX6.exe	118
PID 2836 wrote to memory of 5204	2836	1yU41TX6.exe	118
PID 5204 wrote to memory of 5224	5204	msedge.exe	117
PID 5204 wrote to memory of 5224	5204	msedge.exe	117
PID 4468 wrote to memory of 5300	4468	sy2Nd57.exe	119
PID 4468 wrote to memory of 5300	4468	sy2Nd57.exe	119
PID 4468 wrote to memory of 5300	4468	sy2Nd57.exe	119
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122
PID 4284 wrote to memory of 3852	4284	msedge.exe	122

C:\Users\Admin\AppData\Local\Temp\4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe
"C:\Users\Admin\AppData\Local\Temp\4ee62665bee26e893574dfaa20bf19b1f3673fb4d20c8a217a88ea21839f419a.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qo8CU41.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qo8CU41.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ym3ld88.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ym3ld88.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sy2Nd57.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sy2Nd57.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1yU41TX6.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1yU41TX6.exe
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4320
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:3440
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,3049283277297443118,16998648245027059698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6404
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,3049283277297443118,16998648245027059698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        7⤵
        
        PID:6392
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:1652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,1151205046861282780,12065346701477480882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5540
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,1151205046861282780,12065346701477480882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        7⤵
        
        PID:5524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:1272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2236
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
        7⤵
        
        PID:3852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
        7⤵
        
        PID:2368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
        7⤵
        
        PID:6784
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        7⤵
        
        PID:6776
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
        7⤵
        
        PID:7644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
        7⤵
        
        PID:8040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
        7⤵
        
        PID:8180
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
        7⤵
        
        PID:7264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
        7⤵
        
        PID:7528
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
        7⤵
        
        PID:7636
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
        7⤵
        
        PID:2036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
        7⤵
        
        PID:5472
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
        7⤵
        
        PID:6064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
        7⤵
        
        PID:8296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
        7⤵
        
        PID:8288
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
        7⤵
        
        PID:8728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
        7⤵
        
        PID:8736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
        7⤵
        
        PID:8976
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
        7⤵
        
        PID:8984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8212 /prefetch:8
        7⤵
        
        PID:8276
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8212 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:8384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
        7⤵
        
        PID:3040
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
        7⤵
        
        PID:6044
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
        7⤵
        
        PID:4524
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
        7⤵
        
        PID:6336
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
        7⤵
        
        PID:8844
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
        7⤵
        
        PID:7060
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8816 /prefetch:1
        7⤵
        
        PID:5552
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,4622330187302145607,18000964015676857555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5784 /prefetch:2
        7⤵
        
        PID:7860
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:4420
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7553827626674964497,448561444497467454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        7⤵
        
        PID:5100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7553827626674964497,448561444497467454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1440
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2252
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:448
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4733242145686989661,3978540934110024521,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4733242145686989661,3978540934110024521,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        7⤵
        
        PID:4048
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4972
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:1004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7342075823370837744,13934828871009691195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4080
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7342075823370837744,13934828871009691195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        7⤵
        
        PID:4980
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x80,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:4736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,13280728570452666463,3363284049316817780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,13280728570452666463,3363284049316817780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        7⤵
        
        PID:3064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:3840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,607224593427123252,357368236644035394,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4360
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,607224593427123252,357368236644035394,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
        7⤵
        
        PID:3588
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
        7⤵
        
        PID:3816
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2107157638967956196,9046828868442483164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7124
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2107157638967956196,9046828868442483164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        7⤵
        
        PID:7116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:5204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14228352755103296060,15669718891426491089,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7828
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2SM8379.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2SM8379.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:5300
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:8140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 540
        7⤵
        Program crash
        
        PID:7096
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Zv68Ud.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Zv68Ud.exe
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: EnumeratesProcesses
      PID:8164
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Sy755GU.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Sy755GU.exe
    3⤵
    PID:5956
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:6644
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:6364
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9QJ7AB3.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9QJ7AB3.exe
  2⤵
  PID:6280
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
1⤵
PID:5224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 8140 -ip 8140
1⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\913F.exe
C:\Users\Admin\AppData\Local\Temp\913F.exe
1⤵
PID:7512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=913F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:7152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd4,0xfc,0x100,0xf8,0x104,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
    3⤵
    PID:6180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=913F.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbd5c746f8,0x7ffbd5c74708,0x7ffbd5c74718
    3⤵
    PID:5068

C:\Users\Admin\AppData\Local\Temp\E839.exe
C:\Users\Admin\AppData\Local\Temp\E839.exe
1⤵
PID:6536
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  PID:4108
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    PID:3024
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:5416
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    PID:7144
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:1080
- C:\Users\Admin\AppData\Local\Temp\random.exe
  "C:\Users\Admin\AppData\Local\Temp\random.exe"
  2⤵
  PID:5832
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\random.exe" -Force
    3⤵
    PID:6552
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
    3⤵
    PID:5860
  - - C:\Users\Admin\Pictures\NIWJxzyrgtlHazxA6gOyUNZs.exe
      "C:\Users\Admin\Pictures\NIWJxzyrgtlHazxA6gOyUNZs.exe"
      4⤵
      PID:756
  - - C:\Users\Admin\Pictures\WZ19LgGeK3OVye5owOoEEmhE.exe
      "C:\Users\Admin\Pictures\WZ19LgGeK3OVye5owOoEEmhE.exe"
      4⤵
      PID:6112
  - - C:\Users\Admin\Pictures\KkDRTdUS5FuVar9KWNwYxx46.exe
      "C:\Users\Admin\Pictures\KkDRTdUS5FuVar9KWNwYxx46.exe"
      4⤵
      PID:5248
  - - C:\Users\Admin\Pictures\9UsyCy985IydHsDzGfyR5XUy.exe
      "C:\Users\Admin\Pictures\9UsyCy985IydHsDzGfyR5XUy.exe"
      4⤵
      PID:844
  - - C:\Users\Admin\Pictures\TpcK6lAGyorRnIUGlpqsowuc.exe
      "C:\Users\Admin\Pictures\TpcK6lAGyorRnIUGlpqsowuc.exe"
      4⤵
      PID:7516
  - - C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe
      "C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe" --silent --allusers=0
      4⤵
      PID:3616
    - - C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe
        
        C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x6b765648,0x6b765658,0x6b765664
        5⤵
        
        PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\K8JHeVwwFdU9eEdMhkgstK6P.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\K8JHeVwwFdU9eEdMhkgstK6P.exe" --version
        5⤵
        
        PID:7144
    - - C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe
        
        "C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3616 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231112194658" --session-guid=0968a598-1e42-4ce0-8585-23514d6ffe58 --server-tracking-blob=NGYzYzI1NzQ4N2ZhOTk1YjUwNWRlMmVmOTYyZmY0NTdhNzI3YWVkMTE4YjE1NjUyZTI0NWFhZjNkZThlNDk0Mjp7ImNvdW50cnkiOiJOTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5OTgxODQwNy4yODc5IiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiI0NTAzZTM4NC1mMzdjLTQ5NTQtYWFhZi1kZmZhYzY5MmNkMjgifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0005000000000000
        5⤵
        
        PID:2836
      - C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe
        
        C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2ec,0x2f0,0x2f4,0x2bc,0x2f8,0x6a825648,0x6a825658,0x6a825664
        6⤵
        
        PID:8840
  - - C:\Users\Admin\Pictures\c2lVFhrgehOgnANp1Krbpkgt.exe
      "C:\Users\Admin\Pictures\c2lVFhrgehOgnANp1Krbpkgt.exe"
      4⤵
      PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Broom.exe
        
        C:\Users\Admin\AppData\Local\Temp\Broom.exe
        5⤵
        
        PID:5888
  - - C:\Users\Admin\Pictures\jM1x5CU8lok6zxHhuYVv8JeL.exe
      "C:\Users\Admin\Pictures\jM1x5CU8lok6zxHhuYVv8JeL.exe"
      4⤵
      PID:5116
  - - C:\Users\Admin\Pictures\QNOPh6kiZUjn8CWSFjwBdux6.exe
      "C:\Users\Admin\Pictures\QNOPh6kiZUjn8CWSFjwBdux6.exe"
      4⤵
      PID:6544
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:5056

C:\Users\Admin\AppData\Local\Temp\F01A.exe
C:\Users\Admin\AppData\Local\Temp\F01A.exe
1⤵
PID:6652
- C:\Users\Admin\AppData\Local\Temp\F01A.exe
  C:\Users\Admin\AppData\Local\Temp\F01A.exe
  2⤵
  PID:264

C:\Users\Admin\AppData\Local\Temp\10D2.exe
C:\Users\Admin\AppData\Local\Temp\10D2.exe
1⤵
PID:6488
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:6460

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:5608

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:8748

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:6480

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:5700

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:6304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:8000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4b290530-fd4d-4261-8b71-1a6e09492f91.tmp

Filesize
2KB

MD5
37d9230484c1e3ec5edd51a9380321e4

SHA1
c59cbaa9497b60697fbace940bb11d2a16bb3378

SHA256
575db675e9172e48f140a78cbfee19d1bf8de182b84a9849791ba624587f047e

SHA512
f18f21a48d87913e78bdb4162751e571fa75a471d2e32e55d8dc69afb4d8f3b21b1eb011b40a66a3273b926e60fd88d46f8c048d96dd1361b7d8f97ec1ffd0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4ec0643d-9020-4f0a-a0cc-9abe2c356b28.tmp

Filesize
2KB

MD5
2a36ace5d806b9396ee7112b041c5b38

SHA1
933927f31b9be29ec343a1f9d281ac929fc48cfa

SHA256
a6cd9d11cdffc05cc7f7c8c37ca7e407b8d2c53131b4f9c3b432c08198244762

SHA512
5fa62a7ffbefcdfc3736ac543683618d345b7f58697c49cad94a2fecc0833f0fd87f2e1f6c24d68407786442ca628251168f26b41e53e1b1113624a2f0f27afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7c42ab66-e517-4528-a074-783e22b34d0e.tmp

Filesize
2KB

MD5
661076b667aae0581928ea1c9d7ed0dc

SHA1
967f89d60d29b420c35a3bf4d0624078437dfef3

SHA256
8be495ef029b75eb2c409b745ab246e10143866ca92a133d56d0a9e81256debb

SHA512
9d2aa6ee9fb914d0ed116cd24c51a925a52f6875d7dd6da1ae2a8fd9fba4840865150eefb03b798ab0a7fe8153638a4c3b88eaffa76f2ecc56c4d57b0b52d685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c9ea1aa0bdae2e403767e39985748ec0

SHA1
96fee5e0abaf0c5f2f7bfdd571447621a33e6a3b

SHA256
d0bee343d1039965d8ededb6529de6d29e4ad1dfb1ce3fcc1379b99b8fca5403

SHA512
abcefdc5abcb37085f20d263c6df50e4f5d069b2ab62b5abf709c248d91b0631a5958cbac3be0b5988c1f65e7aa7a3326dd9cc49657b23e4aebd1ca87b3826b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd9316e39b6252af32c343e5dd504f61

SHA1
c907cb492fde53f747536e33526ccbc8429508b4

SHA256
5af034f7781de976b6c1127c1dc855c6ec2b99d32f03355f832a61de35684d34

SHA512
4700e68485064865d2a5abdbe0a05625a50266bf1295fd9ffec0d5d9f405a8936ab4ad7573dc044fac20191d5a2482da9a28646e445814ff3b35d8eed5150eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b199abf16aea32a9950b0c4fa21a6c5d

SHA1
36d86990e164da4af08bc3d67c645be9df52c119

SHA256
7b4dd893bad870bb2894722719080fa91a160789e7bcd5b69602b3909360f888

SHA512
de7df1ee8b07f629fe45f6612bfd7c626824275c19b89be318ce9ba8300461c816495c8477e0c0b8ad14a79fec628f07f8daef197c55fddea5cc6ff625d4ddba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
fb10cfa689df7cc86d1f1af2270556b3

SHA1
cd2903f76c2a20b5d259a9502c0de55d56e4d375

SHA256
b81676159f22016c08d6723781ed5ac9c1d9490c94be268590744672b4f7011e

SHA512
74433d150e6e1cccb9934a6903e1cf36d72c631b46c1aea580821414fe3333e2d85550a464e4d7109e96c9244695d1db35d67f5c7b27b4eede99e75a061d81c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
60f6809102e6b01327c14ab879456d98

SHA1
227c256321eda693fb17ef522ff2f7c3116ba201

SHA256
552e9a917c8713749ee1d8ed086a8bfeee9f05eb444ca7f72a8cbf68e2d32396

SHA512
4eaf61253fd4024e400cad10fee399af173f488c02ac4a7104acef8946942b21cc6304526234721768db45aa6715a7a621d604c8f098bc6b7ede763ff58c02eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5b04b3d562d1131dbbc29c1e7c00c68a

SHA1
18782796ebc947735327ed75a24fa326e5c0c89d

SHA256
09b3448f8e810eedbf89b24c6dd320f170fc66133180c9f470b484dda7d1bf41

SHA512
913b1d4a73b653c765543b4f4447162a610ac14118ea362874f653b55164b19027d0b49e6157097d2c869e760b4ad638d75f104358087f363470736648eec0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2488275142a1bc20458f18465bb5d48c

SHA1
19b1ce070ad3cb1ede6edb2e26fcb474e10cdd19

SHA256
178a8e024f310927bb068ec83bc5c936ed10170831d2382fe595d5b95714a744

SHA512
1988217f8eddba35cb58a6b7eb7366f1de6f1506e1c32ae88ff1d4caf3653c806b551c946f489ffa6327fcf32edc97b56733c500a766f85b9ff53a673598c7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f34b8c5da48fcb47fe5ae6cfa1adaecd

SHA1
abcce89d9f8d91d508ba458fa7216c42646171c9

SHA256
9e2d34623d2b6cdf124f3597d596d6b0503e1e9bc4cc769e8185e752dee7b7dc

SHA512
b27a4dd74cfe4aa43326ea81d0484cdeb2ff75b49b2969fe322e025e0b241a97c44374497d3ce80519b1424e284b140dd3f1664439bdf24e29c3db4a865fd4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0448199cfc770bab31e24672dc64fc47

SHA1
40b6f9f402a4484de52aee28b3308e2d2367576f

SHA256
6e62aff22f7ccc212bef35b3875430613de50d861eedbc40f9c35426b010c9cd

SHA512
9d8c2be7135c598eece073384f3f6dcc61a7ac7b72c70a93565ad32189ff5457c415f31051ffef80eeaa5f0a069a7da3f09939afc2d78e6d5f938009a811414a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4ad594ae7e5470107ae84f7f7c836015

SHA1
db97a06ddfe30fe8ad08e939ae635e52d9a3ea01

SHA256
f3bd62163295499f749acf560d0ae7406983d02dca4da775dad43a4313566962

SHA512
554bd0eff1d4ccf7a9dfae2d35c1b7ce3cb08313e4d3c0f85e501720d2132763e74974a9b664f12d62bccff7f8f68cec9bfaf62857eca405d4ffff5dc05c540b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e4dbadff0a8706da2e4afb4ab8d8b573

SHA1
5bb4a7000dbfa1fa9a7ca7d7c3689fe8a91a0b0a

SHA256
8e4fd8ec5105784b85a44f11008aa35e0b447ae3361a5af81e9c6f7baa9f1229

SHA512
a6ab0b68d130e98c4f02682425c48f4205991460b689bcf6273521bdc23f68cedf2e6cb019e31d079cf2a6171318b04f76468ea753c9422a37ad573381687fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc2676993f7a23146d99121c87e38fda

SHA1
663ec3e7b96584ee579c1d9cff5697879d4cbf03

SHA256
d2dec5ec3b295c13ecedca3bbe2dc18429a7bd7462aba51e3493becc913ef08f

SHA512
6b8c75dde88967cdd7ffd7f51b3ab48726e6d430a8f18051cc37b99a4f91330e10dea81e71bef24ac3312188bbeddbc488f4ee0525fbc456979a55434ee40cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c9054d7a098f7440235a88d34722f58b

SHA1
97502ed0a65d3f01577e028a6e3f86e5edcd79b5

SHA256
879f78782b6d3d0b1a26d1dfd8cb406387f856f0a82fc9221dbf1ac19bbc66ab

SHA512
43e76105c8fd39bd4fc08b010348ee88f0ceb35ca739e7d7edd9a810d6ef00d533ee3aaa586cbc530e9bca17fa6898f5da7783447e9d55b2e9d111fe815710eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
01015fa9eed61d53802f2a9365bed28e

SHA1
5649b55ef1fcc1e2d963619e805107a9621fd987

SHA256
9e52271c5b489405c5b6ef6ad940ab5004e7f1da7552dac11133d51cd4c96322

SHA512
4ebe23838ecf44f1d795d90ff566ab5d7a5336d8382252844832ad7640baa3b50273e53bc7d5c7bee28c7efee30e3a3a020e91ec94a8aae0064a222fcf5ba594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585dbb.TMP

Filesize
1KB

MD5
26d5585beecf6a70bf7dbfe955e2d14f

SHA1
2475a73c8113ec5cb1c3f7c1d3c04e363a17d9da

SHA256
9b2451673125e0fe2575d055f2c732d556ef390984a71e2b13a17a9395112959

SHA512
10772dc68189f3e2447526cc4c4a71cd74342b0f5c61c3532884215e5919991ef74602355bebcd4407a26055363a682b981872121abeb7e733999a73cd3846ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
37d9230484c1e3ec5edd51a9380321e4

SHA1
c59cbaa9497b60697fbace940bb11d2a16bb3378

SHA256
575db675e9172e48f140a78cbfee19d1bf8de182b84a9849791ba624587f047e

SHA512
f18f21a48d87913e78bdb4162751e571fa75a471d2e32e55d8dc69afb4d8f3b21b1eb011b40a66a3273b926e60fd88d46f8c048d96dd1361b7d8f97ec1ffd0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ab056a253e6aaeb1d86f473f6c3ed9c9

SHA1
0145ca0589e097595cffa8e38f45b5ddcd11677b

SHA256
89cc4bc84cccd72814161fea1298d06fce12af85dfa27c5a3c593db7ee60bbf1

SHA512
20e7f0514c57121246e5fefb4167816e21844508471434eda92b1dccaf78877ff3ba6d4b4513a55630c04835e0835f4b98a9b5d93fff94881982a7e132a038cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
54d6e0792624d369e526ea40b27f392b

SHA1
e672e99090796629b3a5f26a4b0f2d8d455cedac

SHA256
84bf096ff29e1bdc80af7bb3a75a886b28ec530dc1aa7ba2ac50d2b87f41e6f7

SHA512
54eae63d6b03e4393837564e958288b0084cc3aaa8983efe1e3165eecc0eed04e0e4dc33fa0594cfa4ac3420011f2e13d983f36241fe3ad8a343d0d115971cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
54d6e0792624d369e526ea40b27f392b

SHA1
e672e99090796629b3a5f26a4b0f2d8d455cedac

SHA256
84bf096ff29e1bdc80af7bb3a75a886b28ec530dc1aa7ba2ac50d2b87f41e6f7

SHA512
54eae63d6b03e4393837564e958288b0084cc3aaa8983efe1e3165eecc0eed04e0e4dc33fa0594cfa4ac3420011f2e13d983f36241fe3ad8a343d0d115971cc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
661076b667aae0581928ea1c9d7ed0dc

SHA1
967f89d60d29b420c35a3bf4d0624078437dfef3

SHA256
8be495ef029b75eb2c409b745ab246e10143866ca92a133d56d0a9e81256debb

SHA512
9d2aa6ee9fb914d0ed116cd24c51a925a52f6875d7dd6da1ae2a8fd9fba4840865150eefb03b798ab0a7fe8153638a4c3b88eaffa76f2ecc56c4d57b0b52d685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9ff30681a04b7f77ea4c6e4baf421763

SHA1
f4d92732fb4538bc2fd5e7a5f6c095d3244bd74a

SHA256
20c8deefc3826a33671c244ec9e695a13e98333075f782debfa8b57dc8ec50de

SHA512
508b6702aaf1006d87441604665c31a15f3c2d26d9b1f671d66dd0694e37295d542b3e3d7b158efa3d2204ccbc87a2543c9ad2d0b98b6c4b1804cff6b936b5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9ff30681a04b7f77ea4c6e4baf421763

SHA1
f4d92732fb4538bc2fd5e7a5f6c095d3244bd74a

SHA256
20c8deefc3826a33671c244ec9e695a13e98333075f782debfa8b57dc8ec50de

SHA512
508b6702aaf1006d87441604665c31a15f3c2d26d9b1f671d66dd0694e37295d542b3e3d7b158efa3d2204ccbc87a2543c9ad2d0b98b6c4b1804cff6b936b5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0940f1f0143be6974cc2821e8e9be2bd

SHA1
57d77d11df54611385627d5b3964f2be8912889f

SHA256
d7899c06b6c5082ff901e3c309c38e250d1d17663b922ea77f6263b9b91fa325

SHA512
3a61171d765d2c7b9f501fc3117e5f8bb276923c7a6667760158cde48dc7627d71a14e75ec8e6b4dbe58f5fdf49262f0965bda811d040918de71605519f211cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2a36ace5d806b9396ee7112b041c5b38

SHA1
933927f31b9be29ec343a1f9d281ac929fc48cfa

SHA256
a6cd9d11cdffc05cc7f7c8c37ca7e407b8d2c53131b4f9c3b432c08198244762

SHA512
5fa62a7ffbefcdfc3736ac543683618d345b7f58697c49cad94a2fecc0833f0fd87f2e1f6c24d68407786442ca628251168f26b41e53e1b1113624a2f0f27afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e774d7ac231ed7861a6276143458789d

SHA1
e2e0db402ef2d5f1546309cf74412f71eca17d47

SHA256
76e5abdaf858fe3bc32ece23cc7b1fa7a3260a30b2be85b2b0c7bd842533ae91

SHA512
ff92a0059cf0e2f1f1a660e024eaee47ab62ddf170c9a0ca97516451bdc6363af3711371e1b9b8a65ee2b6ec998c7be73698098e3e95a71232464022b10b28c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e774d7ac231ed7861a6276143458789d

SHA1
e2e0db402ef2d5f1546309cf74412f71eca17d47

SHA256
76e5abdaf858fe3bc32ece23cc7b1fa7a3260a30b2be85b2b0c7bd842533ae91

SHA512
ff92a0059cf0e2f1f1a660e024eaee47ab62ddf170c9a0ca97516451bdc6363af3711371e1b9b8a65ee2b6ec998c7be73698098e3e95a71232464022b10b28c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9181330a1bcdc1ef1ff16848a04968a0

SHA1
cff43ec51a931c67a9b31d993be68254a3d77117

SHA256
c73d9509590fa38d2dc8037401526306815c1cbfe1c4b5f6542fb43e1584cc1c

SHA512
5d89392a2842a02c640b3e4ff8ca9488fa7a7f31d57ff30a6eec0ea890a56da00a43dd54892a68c702312ed134347f4ef6755f2012b8a3345dffbd7f936746db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9181330a1bcdc1ef1ff16848a04968a0

SHA1
cff43ec51a931c67a9b31d993be68254a3d77117

SHA256
c73d9509590fa38d2dc8037401526306815c1cbfe1c4b5f6542fb43e1584cc1c

SHA512
5d89392a2842a02c640b3e4ff8ca9488fa7a7f31d57ff30a6eec0ea890a56da00a43dd54892a68c702312ed134347f4ef6755f2012b8a3345dffbd7f936746db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f67681689c309a3cff911efe38191aac

SHA1
dee566b16800abded78a07c7ad9f874a1d026ebb

SHA256
11cda38ee347c04e941fa452644a764ca4f2e3c7c2b97a5b0fa6bd6e90d7f2db

SHA512
484975564172bff7d19e0c1006b6f21992028b234d5360c40dce9975018a62c39416416877283f834fa76cfcfdd689165100b00a4acd958eaca69cf160ff52f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
f67681689c309a3cff911efe38191aac

SHA1
dee566b16800abded78a07c7ad9f874a1d026ebb

SHA256
11cda38ee347c04e941fa452644a764ca4f2e3c7c2b97a5b0fa6bd6e90d7f2db

SHA512
484975564172bff7d19e0c1006b6f21992028b234d5360c40dce9975018a62c39416416877283f834fa76cfcfdd689165100b00a4acd958eaca69cf160ff52f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7f17dabfb2877ac877c34ffdeea684a0

SHA1
13dbd2f71a2d8d9fe19c3ace148c0a752aee59d4

SHA256
ad78d4ab38d8a6d3fced27ad47d7a5bb778924365abada817726a4c3958fb491

SHA512
8ab6b43cb04c252c23884bae034d0dab27d351c8065f8c67181cfba8c524dfbaf3575f92f7f607eb29d7ff9e01331604f6f31ac2f96e5332c6c4aa96297ccc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bd385400-f4ba-481e-b608-24da83669e00.tmp

Filesize
2KB

MD5
0940f1f0143be6974cc2821e8e9be2bd

SHA1
57d77d11df54611385627d5b3964f2be8912889f

SHA256
d7899c06b6c5082ff901e3c309c38e250d1d17663b922ea77f6263b9b91fa325

SHA512
3a61171d765d2c7b9f501fc3117e5f8bb276923c7a6667760158cde48dc7627d71a14e75ec8e6b4dbe58f5fdf49262f0965bda811d040918de71605519f211cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
df8a130ef93c8922c459371bcd31d9c7

SHA1
7b4bdfdabb5ff08de0f83ed6858c57ba18f0d393

SHA256
0a394d266e36ef9b75ae2c390a7b68fa50e5188b8338217cf68deda683c84d40

SHA512
364f4c1cb242115266eea05a05bdc1068a6ce7778ae01f84dc3e570acbf5cda134f15e0addd2c7818fba326708b30362f29279e0ce96db51a8db73729f4af99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qo8CU41.exe

Filesize
1006KB

MD5
3e1634d7124b44ebd6d2bdde52bce6fa

SHA1
fb8b4c48afe13790961500da9093ca39642a8e03

SHA256
fc5d5366cb27e2a3bb23cc989581f468c96862c4d1eb8ff139df71cfc7b6b7f2

SHA512
02a18335b61ed52d8fe2d2b0f394e5bcb0ff89c95e58f4df00c55f2d74a1c5100118ea90640972fbe624b85a7c24b5aa5233ef127c8f6a2d94b7d9da7c5d6d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qo8CU41.exe

Filesize
1006KB

MD5
3e1634d7124b44ebd6d2bdde52bce6fa

SHA1
fb8b4c48afe13790961500da9093ca39642a8e03

SHA256
fc5d5366cb27e2a3bb23cc989581f468c96862c4d1eb8ff139df71cfc7b6b7f2

SHA512
02a18335b61ed52d8fe2d2b0f394e5bcb0ff89c95e58f4df00c55f2d74a1c5100118ea90640972fbe624b85a7c24b5aa5233ef127c8f6a2d94b7d9da7c5d6d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ym3ld88.exe

Filesize
783KB

MD5
37870832033404e7328c45ec3df0bc50

SHA1
d7d49d0251a0c6aae9346c54f2db50c5e2e27919

SHA256
1afcc9934e962157210aef77f66411ccddfe4b0e8c9ef6b7e1fa3b125758eee7

SHA512
01a283ea2dbe36c7a7a2d65515f384fe017058708a6d244a4bf02b6b30fc004fa42c337d73df53d64b4ed34b2a4d2bd18fa66b6629abe56b26b8b6e06e9caeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ym3ld88.exe

Filesize
783KB

MD5
37870832033404e7328c45ec3df0bc50

SHA1
d7d49d0251a0c6aae9346c54f2db50c5e2e27919

SHA256
1afcc9934e962157210aef77f66411ccddfe4b0e8c9ef6b7e1fa3b125758eee7

SHA512
01a283ea2dbe36c7a7a2d65515f384fe017058708a6d244a4bf02b6b30fc004fa42c337d73df53d64b4ed34b2a4d2bd18fa66b6629abe56b26b8b6e06e9caeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sy2Nd57.exe

Filesize
658KB

MD5
59c3235f25cd22db8f20e6f116bf14d5

SHA1
a8b041db8c280261d1246016211e43e2e360c48a

SHA256
3012f4738a9831de629c8e96baaf9c900962de4881c3107f520f8d2eb48e5085

SHA512
47f6e76f730f19ac05ea86a9a3a7839de795d8f5469476e96fbfb21951f75a24a2c77fa86adf904fb41c2f03c6f6a9478b918edc8e992c0693f226b0eceb9a71

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\sy2Nd57.exe

Filesize
658KB

MD5
59c3235f25cd22db8f20e6f116bf14d5

SHA1
a8b041db8c280261d1246016211e43e2e360c48a

SHA256
3012f4738a9831de629c8e96baaf9c900962de4881c3107f520f8d2eb48e5085

SHA512
47f6e76f730f19ac05ea86a9a3a7839de795d8f5469476e96fbfb21951f75a24a2c77fa86adf904fb41c2f03c6f6a9478b918edc8e992c0693f226b0eceb9a71

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1yU41TX6.exe

Filesize
895KB

MD5
d1d7c851dd539900af145bf795f148f6

SHA1
e7df57f256e1bfaaf9edd836278cec0500d856b6

SHA256
0ae248b8879e0da16102082b0c488136f5ee4b590cdfab63a469ea9ab774b068

SHA512
77d79ebfb0587df7bb3082465342bbd70b4fb0c66b7fae924fb2d851089245f66f35a7a71196a606742d5c7027a62b911f2f8e7e3fe6bffa22c78deb0f1b48bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1yU41TX6.exe

Filesize
895KB

MD5
d1d7c851dd539900af145bf795f148f6

SHA1
e7df57f256e1bfaaf9edd836278cec0500d856b6

SHA256
0ae248b8879e0da16102082b0c488136f5ee4b590cdfab63a469ea9ab774b068

SHA512
77d79ebfb0587df7bb3082465342bbd70b4fb0c66b7fae924fb2d851089245f66f35a7a71196a606742d5c7027a62b911f2f8e7e3fe6bffa22c78deb0f1b48bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2SM8379.exe

Filesize
283KB

MD5
65fb35d2d3b863723e67c6f747b044f6

SHA1
b0bc0af17348c989b240e77ebfa86dc19efc83a9

SHA256
52c76ae286d4f1c4d0f55e8e6d2bac79c59306fac380804fbd65f9117f5e911c

SHA512
e2a6f116b538d301f540e399411f1a68d9854de62122ce442347fa7b90bd6e7408b99498bc043c7c5f23910d831c12e145736fa72daf266c8b5282ea9d4a23b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2SM8379.exe

Filesize
283KB

MD5
65fb35d2d3b863723e67c6f747b044f6

SHA1
b0bc0af17348c989b240e77ebfa86dc19efc83a9

SHA256
52c76ae286d4f1c4d0f55e8e6d2bac79c59306fac380804fbd65f9117f5e911c

SHA512
e2a6f116b538d301f540e399411f1a68d9854de62122ce442347fa7b90bd6e7408b99498bc043c7c5f23910d831c12e145736fa72daf266c8b5282ea9d4a23b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311121946558627144.dll

Filesize
4.6MB

MD5
0d2cf5e6c13d156467618f37174dd4b5

SHA1
a324c41cbbf96e458072f337a2ef2a61db463d60

SHA256
1845335f4172bd93f2011ff12da6f3d2f99d33740cc1f3ab2201b8205cb773b6

SHA512
f2af281d0702aab8984de88376986f09efc1f4c891353bc6bd4f2c40576ae33858912261502c78b5e0fa92f255a992d4532cf9a9e76a53b46ea263a6b60e2cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c3j3zm4x.2n0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\random.exe

Filesize
141KB

MD5
326781a332c7040492dc96b13fb126e5

SHA1
d03d8e89a6c75a14f512eeabf180a2f69d30e884

SHA256
0f09f8f60741e8b3c28dc927ff1b3318d8faa623d641704b605bc38142f54f28

SHA512
e701babafad09f1115511949f3061275bc6fbc54756d40f038aa9be708ff06736413367395bff7e157035aa9260ada439ad9a8d4c2c48c14de94c42f6ec0c2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
221KB

MD5
82cd8d85dc427bfd991758f573525d23

SHA1
8a9f53dced366c5afb0e2a26186059fc34f9423d

SHA256
728a6f117ca91dfa121d74832b9eac2b995ec9887700c7832603730e0300bf4b

SHA512
422ecd38f2d744138dbc9994756407c4bccb9d539cda18bcf873824d1658c9fd264f31af356e171ff728e98d1a90e88af776b238b8fb7d4b4102ff9a8cc10e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
750ba44d26d502742d0e62727d029e69

SHA1
d8dd40b24fe2ab14f4cd4d8db2e24d432777d88a

SHA256
1f81a5721939d80faa41dfffb48b6b174029e1f1a50104ef53b146e0276be9c0

SHA512
0bc0a41f9fc9035c103d362ef432209a28d62c4c8457a439dc7162b3d5d74a2f03958bb9fc41d4ce9ab3841bb9da590c4d9c3d2f01c672bfceea4a2394c18116

Download Submit
C:\Users\Admin\Pictures\K8JHeVwwFdU9eEdMhkgstK6P.exe

Filesize
2.8MB

MD5
73ac7b5a209e46f949297c8e66282e70

SHA1
6e9964d39fc641da1dbd24ebb2fde6686526de98

SHA256
da4bcacfaeaa1dcb01ca65803ebb5433ab135f075b1ea846154e097ae46ebf8d

SHA512
1dc8c0126ade2d1d1a971e7f408172e2d4d0886120787190b70672f46f6feff9d5325ff932204ba12ba75bbc33be5bf1c79eb34fc9e619114a82da509b079441

Download Submit
C:\Users\Admin\Pictures\KkDRTdUS5FuVar9KWNwYxx46.exe

Filesize
5.2MB

MD5
9873907d252dcecd6baea9a11ac4b0da

SHA1
102562c75d3dbb2c9b2922674f83c5f0f36e3d0c

SHA256
a5c68511132b9590f0d60bc6fa5f43999c25d636d0b29aae1ff3787688907fe7

SHA512
2054607e09f31d65060a8b8205755f785b5ea0be9b248977b00fa95ed2938313309876d91b7fef5d33866024cf52cf0dd7a73336e703e035770e24b506db19c8

Download Submit
C:\Users\Admin\Pictures\NIWJxzyrgtlHazxA6gOyUNZs.exe

Filesize
221KB

MD5
4ea71b88c6102990496206084fe59321

SHA1
32e2ccdb47350a561353fe2393f34839e3eef887

SHA256
f3a9883557b07a8bbe3ad42bf14420eb6a719c7e331c5611fe532edee2642cb6

SHA512
b7eb56da2f7ccbd70c7ec1064530e61419bb7b33eae1a74ae620caa4f58be562ee9f8edf07248d45165234fd42dba63d9b6d5d616b3815db7ef170c5b466cf39

Download Submit
C:\Users\Admin\Pictures\QNOPh6kiZUjn8CWSFjwBdux6.exe

Filesize
4.8MB

MD5
ff6c6212c086b2ea7bb1537a6e9b0abb

SHA1
f058d292f83c16450af74d870056cb742d23b3a3

SHA256
1abe626a7cbd4639f1ba56a6c4dab7f2dd9ad08396eb80ee4a21b0f7ef69d875

SHA512
3b495b12a67cc1cfb73a195ffe62bcccd3d8cf7a8abe556f493d74c835e453b8ad80529b4a24150b25c0eee2807d5fc9e0d43f572869a926435017311cdd97d5

Download Submit
C:\Users\Admin\Pictures\TpcK6lAGyorRnIUGlpqsowuc.exe

Filesize
3.1MB

MD5
823b5fcdef282c5318b670008b9e6922

SHA1
d20cd5321d8a3d423af4c6dabc0ac905796bdc6d

SHA256
712f5bb403ca4ade2d3fa47b050aac51a9f573142fd8ba8bf18f5f8144214d8d

SHA512
4377d06a71291be3e52c28a2ada0b89ff185a8887c4a75972cdc5e85d95da6538d1776bc49fb190c67b8e6497225f1d63b86793f4095c8fb990a5f6659216472

Download Submit
C:\Users\Admin\Pictures\WZ19LgGeK3OVye5owOoEEmhE.exe

Filesize
145KB

MD5
90dd1720cb5f0a539358d8895d3fd27a

SHA1
c1375d0b31adc36f91feb45df705c7e662c95d7d

SHA256
e69a88b0f9ec61f4acf22f9a3d96f60eb3a04db58a74eb4315700ac465de9e01

SHA512
c6e3f1e03f93f6aaa1b93bca21f3a93d6539ede45b06869d3a1daf983d5f1c68bc7e8895126b3d02d4b85854ac3991ecada77ddff2cbdc81c1e93f1f12c4ada1

Download Submit
C:\Users\Admin\Pictures\ZLfWNymYPT3lCSjub8ibMNIp.exe

Filesize
7KB

MD5
fcad815e470706329e4e327194acc07c

SHA1
c4edd81d00318734028d73be94bc3904373018a9

SHA256
280d939a66a0107297091b3b6f86d6529ef6fac222a85dbc82822c3d5dc372b8

SHA512
f4031b49946da7c6c270e0354ac845b5c77b9dfcd267442e0571dd33ccd5146bc352ed42b59800c9d166c8c1ede61469a00a4e8d3738d937502584e8a1b72485

Download Submit
C:\Users\Admin\Pictures\jM1x5CU8lok6zxHhuYVv8JeL.exe

Filesize
4.1MB

MD5
33e2408ab2f3f47b3ad395d65edba49e

SHA1
b86af85e8e438c12c7abd1b047edd229cf67219b

SHA256
2652450865e1ce350dd9674cb08100d68e4018bf5b6f74720c57e03f5ad98c23

SHA512
d7e4fc31361b2933a0ad1aa3a4020452b7d84232eb5ecba411edaf68c6041242d6b3677bf25393965a5b54b555cf4307d2984aa1423afcbebff9833bdd5905fc

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
memory/264-943-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-916-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-987-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-970-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-962-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-906-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-951-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-949-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-913-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-947-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-945-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-941-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-938-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-843-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/264-934-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-846-0x000002204EC90000-0x000002204ED74000-memory.dmp

Filesize
912KB

Download
memory/264-931-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-874-0x0000022067730000-0x0000022067740000-memory.dmp

Filesize
64KB

Download
memory/264-910-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-901-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-859-0x00007FFBD2560000-0x00007FFBD3021000-memory.dmp

Filesize
10.8MB

Download
memory/264-898-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-881-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-880-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-883-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-888-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-890-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-892-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/264-895-0x000002204EC90000-0x000002204ED70000-memory.dmp

Filesize
896KB

Download
memory/3024-1138-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/3024-831-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/3364-504-0x0000000002D00000-0x0000000002D16000-memory.dmp

Filesize
88KB

Download
memory/3616-1112-0x0000000000410000-0x0000000000939000-memory.dmp

Filesize
5.2MB

Download
memory/5576-1145-0x0000000000410000-0x0000000000939000-memory.dmp

Filesize
5.2MB

Download
memory/5832-908-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/5832-873-0x00000000027B0000-0x00000000027CC000-memory.dmp

Filesize
112KB

Download
memory/5832-842-0x00000000051C0000-0x00000000051D0000-memory.dmp

Filesize
64KB

Download
memory/5832-875-0x0000000004FF0000-0x000000000500A000-memory.dmp

Filesize
104KB

Download
memory/5832-834-0x00000000006E0000-0x000000000070A000-memory.dmp

Filesize
168KB

Download
memory/5832-839-0x0000000005010000-0x00000000050AC000-memory.dmp

Filesize
624KB

Download
memory/5832-833-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/5860-905-0x0000000005280000-0x0000000005290000-memory.dmp

Filesize
64KB

Download
memory/5860-900-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/5860-928-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6112-1038-0x0000000000B40000-0x0000000000D78000-memory.dmp

Filesize
2.2MB

Download
memory/6364-671-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6364-762-0x00000000077B0000-0x00000000077FC000-memory.dmp

Filesize
304KB

Download
memory/6364-668-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6364-689-0x0000000007A00000-0x0000000007FA4000-memory.dmp

Filesize
5.6MB

Download
memory/6364-692-0x0000000007450000-0x00000000074E2000-memory.dmp

Filesize
584KB

Download
memory/6364-711-0x00000000075D0000-0x00000000075E0000-memory.dmp

Filesize
64KB

Download
memory/6364-726-0x0000000007530000-0x000000000753A000-memory.dmp

Filesize
40KB

Download
memory/6364-932-0x00000000075D0000-0x00000000075E0000-memory.dmp

Filesize
64KB

Download
memory/6364-755-0x00000000085D0000-0x0000000008BE8000-memory.dmp

Filesize
6.1MB

Download
memory/6364-911-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6364-758-0x0000000007880000-0x000000000798A000-memory.dmp

Filesize
1.0MB

Download
memory/6364-759-0x0000000007700000-0x0000000007712000-memory.dmp

Filesize
72KB

Download
memory/6364-761-0x0000000007770000-0x00000000077AC000-memory.dmp

Filesize
240KB

Download
memory/6488-1156-0x0000000005ED0000-0x0000000005EE0000-memory.dmp

Filesize
64KB

Download
memory/6488-1159-0x0000000005ED0000-0x0000000005EE0000-memory.dmp

Filesize
64KB

Download
memory/6488-902-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6488-907-0x0000000000FA0000-0x0000000001398000-memory.dmp

Filesize
4.0MB

Download
memory/6488-1102-0x00000000066E0000-0x000000000688A000-memory.dmp

Filesize
1.7MB

Download
memory/6488-1110-0x0000000006890000-0x0000000006A22000-memory.dmp

Filesize
1.6MB

Download
memory/6488-939-0x0000000005ED0000-0x0000000005EE0000-memory.dmp

Filesize
64KB

Download
memory/6488-1136-0x0000000006EA0000-0x0000000006EB0000-memory.dmp

Filesize
64KB

Download
memory/6488-1151-0x0000000005ED0000-0x0000000005EE0000-memory.dmp

Filesize
64KB

Download
memory/6536-780-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6536-844-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6536-781-0x0000000000860000-0x0000000001508000-memory.dmp

Filesize
12.7MB

Download
memory/6552-969-0x0000000005570000-0x0000000005592000-memory.dmp

Filesize
136KB

Download
memory/6552-937-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/6552-935-0x0000000004F00000-0x0000000005528000-memory.dmp

Filesize
6.2MB

Download
memory/6552-1010-0x0000000005890000-0x0000000005BE4000-memory.dmp

Filesize
3.3MB

Download
memory/6552-998-0x0000000005820000-0x0000000005886000-memory.dmp

Filesize
408KB

Download
memory/6552-996-0x0000000005740000-0x00000000057A6000-memory.dmp

Filesize
408KB

Download
memory/6552-914-0x0000000004740000-0x0000000004776000-memory.dmp

Filesize
216KB

Download
memory/6552-930-0x00000000048C0000-0x00000000048D0000-memory.dmp

Filesize
64KB

Download
memory/6652-799-0x00007FFBD2560000-0x00007FFBD3021000-memory.dmp

Filesize
10.8MB

Download
memory/6652-801-0x000001748FF60000-0x000001748FF70000-memory.dmp

Filesize
64KB

Download
memory/6652-790-0x000001748E1F0000-0x000001748E350000-memory.dmp

Filesize
1.4MB

Download
memory/6652-810-0x00000174A8BA0000-0x00000174A8C68000-memory.dmp

Filesize
800KB

Download
memory/6652-808-0x00000174A89D0000-0x00000174A8A98000-memory.dmp

Filesize
800KB

Download
memory/6652-793-0x00000174A8790000-0x00000174A8876000-memory.dmp

Filesize
920KB

Download
memory/6652-800-0x00000174A88F0000-0x00000174A89D0000-memory.dmp

Filesize
896KB

Download
memory/6652-849-0x00007FFBD2560000-0x00007FFBD3021000-memory.dmp

Filesize
10.8MB

Download
memory/6652-829-0x000001748FF00000-0x000001748FF4C000-memory.dmp

Filesize
304KB

Download
memory/7512-646-0x0000000000540000-0x000000000059A000-memory.dmp

Filesize
360KB

Download
memory/7512-645-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/7516-1105-0x0000000073170000-0x0000000073920000-memory.dmp

Filesize
7.7MB

Download
memory/7516-1103-0x0000000000F20000-0x000000000123C000-memory.dmp

Filesize
3.1MB

Download
memory/7516-1131-0x0000000005D70000-0x0000000005F32000-memory.dmp

Filesize
1.8MB

Download
memory/8140-412-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8140-408-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8140-409-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8140-407-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8164-506-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/8164-413-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download