mystic | d6aa1e5ac7278a8c9b114b93a299b4986e7746a52cd2cbba9737cd1019784520

Analysis

max time kernel
41s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe
Size

1.4MB
MD5

47da995cd1ec9844afa37b1020042c24
SHA1

a52e4675ba91565e854d25c2953f3a22aadc03a1
SHA256

7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36
SHA512

b61c9e6107b1c67507a556b19da1f0d80c3800aebb8370d8abb36c301a700836a103c3be739da8a464d1a1a8000f349f7ad5e6227001c26a37d87c1394294dea
SSDEEP

24576:KyWGaUMSIAdBRN4FBuBeDIsRqNGGbSDTJDnX0PkVRE30sr/nwQqJVKTDBY9gzytI:RFaUMSD4bGesUKGZ3JDnXAXvTtY95

Score

10^/10

mystic redline smokeloader zgrat taiga backdoor infostealer persistence rat stealer themida trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/8960-358-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8960-363-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8960-364-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/8960-366-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 23 IoCs

resource	yara_rule
behavioral1/memory/4136-723-0x00000246EF410000-0x00000246EF4F4000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-736-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-737-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-748-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-750-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-752-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-754-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-756-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-758-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-764-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-775-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-771-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-761-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-784-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-788-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-790-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-792-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-794-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-799-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-805-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-812-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-808-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1
behavioral1/memory/4136-820-0x00000246EF410000-0x00000246EF4F0000-memory.dmp	family_zgrat_v1

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/6492-459-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline
behavioral1/memory/1712-547-0x00000000006C0000-0x000000000071A000-memory.dmp	family_redline
behavioral1/memory/1712-549-0x0000000000400000-0x0000000000467000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
4376	xu2SR13.exe
2684	ce9oC33.exe
3040	yt9mu22.exe
2056	1qI47dy4.exe
4620	2Dk2204.exe
9184	7Db01uJ.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000022df0-1094.dat	themida

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/7380-986-0x0000000000D40000-0x0000000001269000-memory.dmp	upx
behavioral1/files/0x0006000000022dc8-934.dat	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	xu2SR13.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	ce9oC33.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	yt9mu22.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022cff-26.dat	autoit_exe
behavioral1/files/0x0007000000022cff-27.dat	autoit_exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4620 set thread context of 8960	4620	2Dk2204.exe	161

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5624	8960	WerFault.exe	161
8156	1712	WerFault.exe	179

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Db01uJ.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Db01uJ.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7Db01uJ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
5900	msedge.exe
5900	msedge.exe
748	msedge.exe
748	msedge.exe
4100	msedge.exe
4100	msedge.exe
5332	msedge.exe
5332	msedge.exe
5212	msedge.exe
5212	msedge.exe
5828	msedge.exe
5828	msedge.exe
5264	msedge.exe
5264	msedge.exe
2840	msedge.exe
2840	msedge.exe
5612	msedge.exe
5612	msedge.exe
1292	msedge.exe
1292	msedge.exe
6776	msedge.exe
6776	msedge.exe
9184	7Db01uJ.exe
9184	7Db01uJ.exe
6280	identity_helper.exe
6280	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
2056	1qI47dy4.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe
1292	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 4376	2652	7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe	91
PID 2652 wrote to memory of 4376	2652	7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe	91
PID 2652 wrote to memory of 4376	2652	7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe	91
PID 4376 wrote to memory of 2684	4376	xu2SR13.exe	92
PID 4376 wrote to memory of 2684	4376	xu2SR13.exe	92
PID 4376 wrote to memory of 2684	4376	xu2SR13.exe	92
PID 2684 wrote to memory of 3040	2684	ce9oC33.exe	93
PID 2684 wrote to memory of 3040	2684	ce9oC33.exe	93
PID 2684 wrote to memory of 3040	2684	ce9oC33.exe	93
PID 3040 wrote to memory of 2056	3040	yt9mu22.exe	94
PID 3040 wrote to memory of 2056	3040	yt9mu22.exe	94
PID 3040 wrote to memory of 2056	3040	yt9mu22.exe	94
PID 2056 wrote to memory of 2556	2056	1qI47dy4.exe	95
PID 2056 wrote to memory of 2556	2056	1qI47dy4.exe	95
PID 2056 wrote to memory of 4008	2056	1qI47dy4.exe	97
PID 2056 wrote to memory of 4008	2056	1qI47dy4.exe	97
PID 2056 wrote to memory of 4716	2056	1qI47dy4.exe	98
PID 2056 wrote to memory of 4716	2056	1qI47dy4.exe	98
PID 2056 wrote to memory of 3736	2056	1qI47dy4.exe	99
PID 2056 wrote to memory of 3736	2056	1qI47dy4.exe	99
PID 2056 wrote to memory of 412	2056	1qI47dy4.exe	100
PID 2056 wrote to memory of 412	2056	1qI47dy4.exe	100
PID 2056 wrote to memory of 1708	2056	1qI47dy4.exe	101
PID 2056 wrote to memory of 1708	2056	1qI47dy4.exe	101
PID 2056 wrote to memory of 1144	2056	1qI47dy4.exe	102
PID 2056 wrote to memory of 1144	2056	1qI47dy4.exe	102
PID 2056 wrote to memory of 1292	2056	1qI47dy4.exe	103
PID 2056 wrote to memory of 1292	2056	1qI47dy4.exe	103
PID 2056 wrote to memory of 1720	2056	1qI47dy4.exe	104
PID 2056 wrote to memory of 1720	2056	1qI47dy4.exe	104
PID 2056 wrote to memory of 3640	2056	1qI47dy4.exe	105
PID 2056 wrote to memory of 3640	2056	1qI47dy4.exe	105
PID 3640 wrote to memory of 764	3640	msedge.exe	117
PID 3640 wrote to memory of 764	3640	msedge.exe	117
PID 412 wrote to memory of 2088	412	msedge.exe	115
PID 412 wrote to memory of 2088	412	msedge.exe	115
PID 1720 wrote to memory of 1344	1720	msedge.exe	113
PID 1720 wrote to memory of 1344	1720	msedge.exe	113
PID 1144 wrote to memory of 3772	1144	msedge.exe	106
PID 1144 wrote to memory of 3772	1144	msedge.exe	106
PID 2556 wrote to memory of 4644	2556	msedge.exe	116
PID 2556 wrote to memory of 4644	2556	msedge.exe	116
PID 1708 wrote to memory of 4224	1708	msedge.exe	114
PID 1708 wrote to memory of 4224	1708	msedge.exe	114
PID 1292 wrote to memory of 3852	1292	msedge.exe	112
PID 1292 wrote to memory of 3852	1292	msedge.exe	112
PID 3736 wrote to memory of 2984	3736	msedge.exe	110
PID 3736 wrote to memory of 2984	3736	msedge.exe	110
PID 3040 wrote to memory of 4620	3040	yt9mu22.exe	108
PID 3040 wrote to memory of 4620	3040	yt9mu22.exe	108
PID 3040 wrote to memory of 4620	3040	yt9mu22.exe	108
PID 4716 wrote to memory of 2256	4716	msedge.exe	109
PID 4716 wrote to memory of 2256	4716	msedge.exe	109
PID 4008 wrote to memory of 2696	4008	msedge.exe	107
PID 4008 wrote to memory of 2696	4008	msedge.exe	107
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121
PID 2556 wrote to memory of 5884	2556	msedge.exe	121

C:\Users\Admin\AppData\Local\Temp\7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe
"C:\Users\Admin\AppData\Local\Temp\7c948da84e336ddde18db89ad5bd132002e9393abb5c614d1d74c2005e358b36.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xu2SR13.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xu2SR13.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ce9oC33.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ce9oC33.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yt9mu22.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yt9mu22.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1qI47dy4.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1qI47dy4.exe
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2056
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:4644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,7345336775477204451,1220349200966974105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7345336775477204451,1220349200966974105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        7⤵
        
        PID:5884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x108,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:2696
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5336608934406923716,15311847951875393644,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5336608934406923716,15311847951875393644,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        7⤵
        
        PID:5280
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:4716
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:2256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,2274446805341676696,16484880904420426837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5828
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,2274446805341676696,16484880904420426837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        7⤵
        
        PID:5820
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3736
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:2984
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13725547098463332752,17229885292709098432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        7⤵
        
        PID:2900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13725547098463332752,17229885292709098432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5212
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:2088
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12237048410764719979,16761929748993850809,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12237048410764719979,16761929748993850809,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        7⤵
        
        PID:5268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:4224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,4970212865199763558,16518912829804133017,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,4970212865199763558,16518912829804133017,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        7⤵
        
        PID:4148
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1144
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:3772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4225225814462078139,16114826686985108592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4225225814462078139,16114826686985108592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        7⤵
        
        PID:6132
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        6⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:3852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        7⤵
        
        PID:1356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
        7⤵
        
        PID:5340
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
        7⤵
        
        PID:6480
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        7⤵
        
        PID:6444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
        7⤵
        
        PID:7680
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
        7⤵
        
        PID:7968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
        7⤵
        
        PID:6588
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
        7⤵
        
        PID:6100
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
        7⤵
        
        PID:6172
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
        7⤵
        
        PID:5904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
        7⤵
        
        PID:8116
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
        7⤵
        
        PID:6324
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
        7⤵
        
        PID:7104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
        7⤵
        
        PID:8268
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
        7⤵
        
        PID:8296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
        7⤵
        
        PID:8860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
        7⤵
        
        PID:8852
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
        7⤵
        
        PID:9012
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
        7⤵
        
        PID:9020
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8556 /prefetch:8
        7⤵
        
        PID:8712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8556 /prefetch:8
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
        7⤵
        
        PID:8856
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7760 /prefetch:2
        7⤵
        
        PID:1332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,17532142045004241352,6053622545181662672,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
        7⤵
        
        PID:400
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:1720
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:1344
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11990829931543225302,9492291032047435193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5612
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11990829931543225302,9492291032047435193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        7⤵
        
        PID:5204
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe1de646f8,0x7ffe1de64708,0x7ffe1de64718
        7⤵
        
        PID:764
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,3750968088832114486,3221146992560360587,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        7⤵
        
        PID:6752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,3750968088832114486,3221146992560360587,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Dk2204.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Dk2204.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4620
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:8960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 544
        7⤵
        Program crash
        
        PID:5624
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Db01uJ.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Db01uJ.exe
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: EnumeratesProcesses
      PID:9184
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8UI267eS.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8UI267eS.exe
    3⤵
    PID:8776
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:6492
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Au7uv0.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Au7uv0.exe
  2⤵
  PID:6664
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:7948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 8960 -ip 8960
1⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\3AF.exe
C:\Users\Admin\AppData\Local\Temp\3AF.exe
1⤵
PID:1712
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 784
  2⤵
  - Program crash
  PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 1712 -ip 1712
1⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\6048.exe
C:\Users\Admin\AppData\Local\Temp\6048.exe
1⤵
PID:760
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  PID:9044
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    PID:6344
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:1676
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:6240
- C:\Users\Admin\AppData\Local\Temp\random.exe
  "C:\Users\Admin\AppData\Local\Temp\random.exe"
  2⤵
  PID:3216
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\random.exe" -Force
    3⤵
    PID:6308
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\Pictures\YxMYEMDDENNedgEkUpSIPZp3.exe
      "C:\Users\Admin\Pictures\YxMYEMDDENNedgEkUpSIPZp3.exe"
      4⤵
      PID:4960
  - - C:\Users\Admin\Pictures\xgXTJfcQEDGiiWucq3GCU7l7.exe
      "C:\Users\Admin\Pictures\xgXTJfcQEDGiiWucq3GCU7l7.exe"
      4⤵
      PID:1992
  - - C:\Users\Admin\Pictures\DdMSGeQ2dvHgsjkOxzAWQR2v.exe
      "C:\Users\Admin\Pictures\DdMSGeQ2dvHgsjkOxzAWQR2v.exe"
      4⤵
      PID:6096
  - - C:\Users\Admin\Pictures\qi7ciX5PBzUYXSCBwAIUllek.exe
      "C:\Users\Admin\Pictures\qi7ciX5PBzUYXSCBwAIUllek.exe"
      4⤵
      PID:8076
  - - C:\Users\Admin\Pictures\ijKr8iV5JRwN5VnF4iFVXYtw.exe
      "C:\Users\Admin\Pictures\ijKr8iV5JRwN5VnF4iFVXYtw.exe"
      4⤵
      PID:6332
  - - C:\Users\Admin\Pictures\FkN6M5z5fQtNEcmXH4okcbUx.exe
      "C:\Users\Admin\Pictures\FkN6M5z5fQtNEcmXH4okcbUx.exe"
      4⤵
      PID:7876
  - - C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe
      "C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe" --silent --allusers=0
      4⤵
      PID:7380
    - - C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe
        
        "C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=7380 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231113014459" --session-guid=3d5c6795-9c3c-45ef-b43f-bcc153f648b1 --server-tracking-blob=MmVhMTczY2M3MTYyYTE1ZjMyNGU5NTg0ZTY1NTQyMjk5ODE3MjExODhiMzg1NDQ0NGNkMDE4ODNlMTBjMjk4OTp7ImNvdW50cnkiOiJOTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5OTgzOTg4OS4wNTUzIiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiI1ODhiNzAzZS0zODJjLTRhMWQtYjY3NS1hYWNiZTNhYmE5NTUifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C05000000000000
        5⤵
        
        PID:7664
      - C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe
        
        C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2c0,0x2fc,0x6aa65648,0x6aa65658,0x6aa65664
        6⤵
        
        PID:6764
  - - C:\Users\Admin\Pictures\qcmiYicqtAEqocACLdYyofdE.exe
      "C:\Users\Admin\Pictures\qcmiYicqtAEqocACLdYyofdE.exe"
      4⤵
      PID:6912
  - - C:\Users\Admin\Pictures\Zq1fWQGMgPcL1TDBECZ1ShOq.exe
      "C:\Users\Admin\Pictures\Zq1fWQGMgPcL1TDBECZ1ShOq.exe"
      4⤵
      PID:8920
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:4720

C:\Users\Admin\AppData\Local\Temp\6682.exe
C:\Users\Admin\AppData\Local\Temp\6682.exe
1⤵
PID:8900
- C:\Users\Admin\AppData\Local\Temp\6682.exe
  C:\Users\Admin\AppData\Local\Temp\6682.exe
  2⤵
  PID:4136

C:\Users\Admin\AppData\Local\Temp\85B4.exe
C:\Users\Admin\AppData\Local\Temp\85B4.exe
1⤵
PID:5452
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:8240

C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
1⤵
PID:7548

C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe
C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x6b7a5648,0x6b7a5658,0x6b7a5664
1⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Kw1si2n1Gs09nnVlC1jVVGit.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\Kw1si2n1Gs09nnVlC1jVVGit.exe" --version
1⤵
PID:8540

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:1884

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:8004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\291674b1-dd3c-420d-b1ca-122f53d31c68.tmp

Filesize
2KB

MD5
586d85cb6f0ce478e2b9cf79eb62314d

SHA1
09ec0ff15f9e750cea8b4051bfe3cfae919e6ecb

SHA256
45ad3a0c8d382669b0be5b147f8168891006db337c4e1d8effad80b00cc5de4e

SHA512
7c98481b18a277c98d5e3cf8ec29aac6e7ac505a83481e89a953172d2a35ce1d12ab88e64323fbf0dacb54b54e9e39a96f1bbcb489dcafb1303536880b335e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a87c8dba0154bb9bef5be9c239bf17

SHA1
1c653df4130926b5a1dcab0b111066c006ac82ab

SHA256
5071c9de822e09f2182f66ab806551c02f87e20d160a4923ca1d9763194f2cb5

SHA512
bb4f876fc8a88e480d2d82062b003d2769b75a6cb1a960173bd6b34925a27b1189402677d9124b6445ded6edc3a07ff0e314b71150684e96bc6614185c2e2f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4787679d96bf7263d9a34ce31dea7e4

SHA1
ebbade52b0a07d888ae0221ad89081902e6e7f1b

SHA256
bfcadaffd49f5351acf68b8249b32270424bc2459125818492cd3224662a9a87

SHA512
de3f3d1cd602bddb664bd0d2aecb661204dd239b278b1f03d6b9dca6f3d03bd3041ac42f4382f5edf5b310b17ff9ecddff59f16729e8c095625040a364252307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3da7ee7f-1ddc-4495-94a1-cf1b897fe57b.tmp

Filesize
7KB

MD5
487c3b38340bc8ae5247b983c6272290

SHA1
b1f1fb86aee326a10a330e2dfc41fc9e0546c986

SHA256
36c24bfe86728c0af2666f804dfa7d6f3122a29bda369c548c1abd142fd73585

SHA512
1883cca703fcd6d0824b393612fa68641c48a94a571263ba539c8b076c56faffc881bacebed1652582519002a0f8f3b1a074f2802b0cb96a088d493c512cf35b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
8abc3ff9d1cf216f4b2022120b382f70

SHA1
4a74a8972c0bec35eb1f6214e9cc9d507e6091b0

SHA256
2c054fbc846f4e2e49a132ceadab81f9916a34406eb75c1370c1a15b03229df0

SHA512
1bf615e54cd1902a5febce024c33f8f99560c3d9ecb721735b5d31744166efa0a1f18aafd86c041a5292f44d684d3f6de738bec5874d300f40dec972e72f0188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ef914c610958078d374d2dc21661630

SHA1
018120239e7785996a642c7c7268493cd9ba0a08

SHA256
c517bda84d16872d1e102886abfbd0b4e3cbd6a8137a6aba4a7541db19461071

SHA512
84ae89f1879fbaa1bff1596f2952affb1a6e4c124f001c34371aaba92759bfa0b8a9c443409e7c8fb4daaf77860c4cfa11337cc2a84a76d3ab7078e5cd7a706e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3a748249c8b0e04e77ad0d6723e564ff

SHA1
5c4cc0e5453c13ffc91f259ccb36acfb3d3fa729

SHA256
f98f5543c33c0b85b191bb85718ee7845982275130da1f09e904d220f1c6ceed

SHA512
53254db3efd9c075e4f24a915e0963563ce4df26d4771925199a605cd111ae5025a65f778b4d4ed8a9b3e83b558066cd314f37b84115d4d24c58207760174af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a09baa95df61293d0d0e74c0969ecaf2

SHA1
b57598bf3579d7139b400e1b587136068c4a54ff

SHA256
7d3f707222b65d06217f14fc36b3790a84215eeea065bde3cc4db54611b15b5d

SHA512
f7bcd5ecb2d6aad71de2acd764727ad757a875fda557560fab6f0b7fb2c43b2986927cd9641f2d432f66260b2b3f35f3f26f478684891152d12a7514553d4a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
952eac8dfef481c51ffd3a207996d73f

SHA1
deee4c7c97c4ff25343c901b0ed8ad8b7c15bb13

SHA256
5b56abd5ceccff5f85eca969a7e99e1c485ea26af06bd75f4b1988daa43c9462

SHA512
8103b8cc9b5b2afa59ce56ea5a2771bd1a52942c7afe496af92dafd2460b68d2132a86359f99ee427bb8e0e27f01116a677d663af88cfe821a075aae7c83e4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83cfdccf6128040b994448956cbab73d

SHA1
be5b7e8cec23740d0bf103b8978a332fc933733b

SHA256
f0c67386b3a6c8c433ce422b11d8648e00bdad07c8466e7958cc185f217662d3

SHA512
d5f7e7191224a2e4b21d4112f9bb45390010fba3dc3bdd3a554a0b7d6506d5b7144c38126cde1b417e7e5d591dd0a91ad55d9e1ca0a3736463f63c5c62dbba21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c35890dc44dc0c7e737003a93e7e2bd1

SHA1
ecf19cc821423612fa7a06af1eb3893b4aa73a08

SHA256
b34135c4e1094720be9bb1415c11997d4e33b2a005d893c905cf19453ec5ee40

SHA512
887a5b7d78475f0c6c6e315fb7f35ec6b1e2e77a8d910a35024782983faf17d18df901556d8cf0014e0aa440e4dac55c56a18f177f2bf199f6493093213a8332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d9d7405e1ad83802f718a97d9d12b851

SHA1
92b9fe35bf095a5310a920671a7ac17b690506fd

SHA256
a7003af23063a8a0ecf5d9296b1a41e0fe538cec540a40976815fe5258ea0cd5

SHA512
94332811cb4c440b6133f11e9979e4da54eb5e295da4a8d13d27b95cf9a440d307a5938f08ea44d28fcd40e76f28321298d7a7051c515d624ed198d1598d1267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
07b1d9619c4319696803b9d57b1f8d00

SHA1
579f4be456cf4ad7b0d76d571414c7a5455e3b15

SHA256
46b3ce3818c7ddea4b8bdcfc1c76eeccf38abffcc574a4d67d2d2edef6554cae

SHA512
78a39633089178a0a4496999bb1b4698526b248010cad246e7c9ddc8271a0975c383ecefe4093fe396ac96bd8c7ef96f6d95698d6e9c67d686e59c1f81ed2ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b7df8f6a66ee63fcafdd85c276cfd1e3

SHA1
41c3bd776688ce507a8f3c25151aaa003a47d315

SHA256
de96c6ae5ea576734e7907a5d1424c0051698560a55c7802995efc3b686555b2

SHA512
2fa72d1479ea19bfff674e8cd2f68866ca880120ec7fe54df297dc18da881ef48e73101ccd2de5d7917e6d288930723e2575fc5b25bd43b8d587b18f985823e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3fe0eba1030f9d6ce83b28c00681db7

SHA1
048eeeeef34abbef57dcdc69da0547fb65800fa2

SHA256
4bc300a2bf37413cb7fdbc10b7c88318186ee22286ea0533feb69eb0f1aa6832

SHA512
01d28d7b682b8d041d6986c025f25d077ab8553557e8e8bf2624fa1a41ce9cef5b0d604ae855c2430080c3b98f164833a629f034f7c0938bd0ec009132039fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b34d.TMP

Filesize
1KB

MD5
d0dd8b4d8abc3402d71f263473b7e0dc

SHA1
0f003afd659c259bbd14f37f056d8413ed42a366

SHA256
39db58c90e868cc524cbea6970ab585d75cd68fd88577d2b5b1ce07cf10c804b

SHA512
2418e05c2172a1fcc1b7d7eeb5e321bee04b4f4a297f215d75485a76f436fffc77b1cf0cda3e2377065ed3e3be7c558815f9de67ec9a44e6aa5ab51ed316c4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f51b7638-0b6d-4a85-aa06-7ec949f67d60.tmp

Filesize
5KB

MD5
22e945ee66a2697baf5e11c68a4b1ebe

SHA1
16f422aa9a79120888d8608280c1343fc8eba533

SHA256
058f9b3c891a4bdd97bbebbecad24b5032eedd57c4e650032e592fcadc28e709

SHA512
df80a673c54085003366b87390310532e1a96edf279de15233d06dd2598b26229206fe1e53e3157adb74faa1d485f3168bf74882093f25c97f2d9801b62e8cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c595eaaf9e8b689bfba2091cb45f0bfc

SHA1
e18107452cdded96f370bc49cc79395230e0cd88

SHA256
b041c614b28122d473c9c790323d6f6fcd52d6357dbab749839b8f9fd9ddd0fc

SHA512
40c9b965b0a2e5b4b1b77edba83bfe027ce3a94ad2d617a76852864cdbe157ab3e00c002ad86a76401fe65c55317cfa99c39d9dfe46fc10434ae107a7afd28e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c595eaaf9e8b689bfba2091cb45f0bfc

SHA1
e18107452cdded96f370bc49cc79395230e0cd88

SHA256
b041c614b28122d473c9c790323d6f6fcd52d6357dbab749839b8f9fd9ddd0fc

SHA512
40c9b965b0a2e5b4b1b77edba83bfe027ce3a94ad2d617a76852864cdbe157ab3e00c002ad86a76401fe65c55317cfa99c39d9dfe46fc10434ae107a7afd28e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
977c55e419a67d0aa50baf85782aa115

SHA1
2bd1c123413b0ad5fa5f1fd28d4ca461bca5e99b

SHA256
c2a42aac847704e6a1fa5d29926a14f5d6e2643a305af96f9be38e3d720e5f4a

SHA512
784f1c1d721595e4f69a62dcc6fc3068c38f20c08e9a5f4657de86d75a961471957b463a1709367e07b016d602c6f2bca3307859419afb6cb476892c77849107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
513bbd1f0037c323f4d1b2fe8dd4b7a2

SHA1
d0bfe20eeae8f630834846923431b31e51a6d572

SHA256
b24f7837f735adbbf2d5df8da4a76d8291cec475ff3ce5e77cc3080b210b5a20

SHA512
6a2d154a0179665a13548db9705c83e8af4cfadefdffcadfcbaf681c6d51ccdc59857f2197d86cec868c3f6e10a7da786b0a7ae04e746f8c38c244430fef20ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5912ef7ede983aab6b43add8d8d9190e

SHA1
f94b4e4a0456e31f558f43a0a59e61e51da37367

SHA256
dcb6574f56bcec002e1766a88c9cd35d71a833c11051ba848da5d04c731cbc82

SHA512
4a0235b2b6cbff68d1e6e18ac2d66a0f718f78a73233c3a57c2c73ab6267d5eaedcab4d90cb6f0d598d47426b015d1768e803c76bdcb2e1ff101233f28e316f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
5912ef7ede983aab6b43add8d8d9190e

SHA1
f94b4e4a0456e31f558f43a0a59e61e51da37367

SHA256
dcb6574f56bcec002e1766a88c9cd35d71a833c11051ba848da5d04c731cbc82

SHA512
4a0235b2b6cbff68d1e6e18ac2d66a0f718f78a73233c3a57c2c73ab6267d5eaedcab4d90cb6f0d598d47426b015d1768e803c76bdcb2e1ff101233f28e316f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
586d85cb6f0ce478e2b9cf79eb62314d

SHA1
09ec0ff15f9e750cea8b4051bfe3cfae919e6ecb

SHA256
45ad3a0c8d382669b0be5b147f8168891006db337c4e1d8effad80b00cc5de4e

SHA512
7c98481b18a277c98d5e3cf8ec29aac6e7ac505a83481e89a953172d2a35ce1d12ab88e64323fbf0dacb54b54e9e39a96f1bbcb489dcafb1303536880b335e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1ba42656ad7ba9438f099b8d2ef7ec17

SHA1
2c166bdea9fd480ec98297d7d625807540bc8e03

SHA256
f8373f06b1cc59211fe75e84b275bf3ec7c89578149bd33da8110dfdf439effe

SHA512
586f2beb50dfdf58178499ec596e2584f015f552e9b21c7c3f418efdfc85424e619274764b3fe7e1b545f7f3cb5226bf11c5fcd8a3cc3efa3b19efc4bc15e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1ba42656ad7ba9438f099b8d2ef7ec17

SHA1
2c166bdea9fd480ec98297d7d625807540bc8e03

SHA256
f8373f06b1cc59211fe75e84b275bf3ec7c89578149bd33da8110dfdf439effe

SHA512
586f2beb50dfdf58178499ec596e2584f015f552e9b21c7c3f418efdfc85424e619274764b3fe7e1b545f7f3cb5226bf11c5fcd8a3cc3efa3b19efc4bc15e296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e4c5e3bb61c7178655b7b5e6a86b0637

SHA1
d19bd4b3a5ad612d3fc3e03e9645da882d524d27

SHA256
1bb6c6376f5bc89fb1565eec9f3695c6f8c61ca6a57afc11752b1a77d1476fe8

SHA512
e8d9c9030bec585ced6ebeb1404b32f25db66312fcca835275bd55d685bd5d681ba685c8d216705016d3ff3123668f769b80d010e4305757fc25c5ac2516e901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e4c5e3bb61c7178655b7b5e6a86b0637

SHA1
d19bd4b3a5ad612d3fc3e03e9645da882d524d27

SHA256
1bb6c6376f5bc89fb1565eec9f3695c6f8c61ca6a57afc11752b1a77d1476fe8

SHA512
e8d9c9030bec585ced6ebeb1404b32f25db66312fcca835275bd55d685bd5d681ba685c8d216705016d3ff3123668f769b80d010e4305757fc25c5ac2516e901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3d9447c061799b2eb69ecd77861b427d

SHA1
2ad4db9129679c8e120bfb9dcdf552d34fd1dd59

SHA256
132953aec7090bf7cdd66e7214a291d607d4a192b4c6424987937a702bc575a6

SHA512
933a4a28287b0c4594cc733b333d966858fda8b0d24c1c4834dbe664856014f1970837a4fc8fe33847e31b863bb6bc6e55f5155adb333b7ab280aa8d45953120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3d9447c061799b2eb69ecd77861b427d

SHA1
2ad4db9129679c8e120bfb9dcdf552d34fd1dd59

SHA256
132953aec7090bf7cdd66e7214a291d607d4a192b4c6424987937a702bc575a6

SHA512
933a4a28287b0c4594cc733b333d966858fda8b0d24c1c4834dbe664856014f1970837a4fc8fe33847e31b863bb6bc6e55f5155adb333b7ab280aa8d45953120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
68b77a37008ed5aae148c011a1f49765

SHA1
2af4ad68d230066db88ca46de0d7288d12986b4e

SHA256
106213e52306d93abdbacf24a554cf080eb0fe584faf91533c6af3bf8f6e94bb

SHA512
135b5fdebc80ddd378e7620ff8a5af852a5fe12934969a2bf94d9f07b24d0943d961d9314419a75c7bde4e784c7c7286ca818f543d3f2dcf42eec96ddfb362ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
68b77a37008ed5aae148c011a1f49765

SHA1
2af4ad68d230066db88ca46de0d7288d12986b4e

SHA256
106213e52306d93abdbacf24a554cf080eb0fe584faf91533c6af3bf8f6e94bb

SHA512
135b5fdebc80ddd378e7620ff8a5af852a5fe12934969a2bf94d9f07b24d0943d961d9314419a75c7bde4e784c7c7286ca818f543d3f2dcf42eec96ddfb362ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9a838a50509306d019fba9d0dba30ebe

SHA1
fc98e846bdd23e6445beefd6472dc9e02160ad49

SHA256
87981ae33dcd176c299e70ad6613ff6dbd09b86cd6e74a7581672da77e6b276c

SHA512
667da13917b6391632853afd394ec12a50aace797b420e0ea57d1f1bda95a38a118f4c7b254c17a5c4ab5a99ee67276e772fdb996214e160e89d59347a78f26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8423f7705baadf16b2ba861873ee51e8

SHA1
9e3c0cfa95d92614df54881dc1f427ffdac03760

SHA256
efc1ca94b2db8124bb552f5a785c68bfb4c30050e96755c093b79e9f5fa9e731

SHA512
8702b3a5268718062ced8e6972dfebedd0a0757b7e29e1703cb48a2c3818e231309da75c96aceb0377ff9970d2b015e66dff5a7b235e73b0841cb15fe3f372fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\df95999d-ff8c-48f2-af71-cd122b085160.tmp

Filesize
2KB

MD5
513bbd1f0037c323f4d1b2fe8dd4b7a2

SHA1
d0bfe20eeae8f630834846923431b31e51a6d572

SHA256
b24f7837f735adbbf2d5df8da4a76d8291cec475ff3ce5e77cc3080b210b5a20

SHA512
6a2d154a0179665a13548db9705c83e8af4cfadefdffcadfcbaf681c6d51ccdc59857f2197d86cec868c3f6e10a7da786b0a7ae04e746f8c38c244430fef20ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ee55f90d-42ba-4675-ae73-a55497d9afb2.tmp

Filesize
2KB

MD5
9a838a50509306d019fba9d0dba30ebe

SHA1
fc98e846bdd23e6445beefd6472dc9e02160ad49

SHA256
87981ae33dcd176c299e70ad6613ff6dbd09b86cd6e74a7581672da77e6b276c

SHA512
667da13917b6391632853afd394ec12a50aace797b420e0ea57d1f1bda95a38a118f4c7b254c17a5c4ab5a99ee67276e772fdb996214e160e89d59347a78f26e

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
df8a130ef93c8922c459371bcd31d9c7

SHA1
7b4bdfdabb5ff08de0f83ed6858c57ba18f0d393

SHA256
0a394d266e36ef9b75ae2c390a7b68fa50e5188b8338217cf68deda683c84d40

SHA512
364f4c1cb242115266eea05a05bdc1068a6ce7778ae01f84dc3e570acbf5cda134f15e0addd2c7818fba326708b30362f29279e0ce96db51a8db73729f4af99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xu2SR13.exe

Filesize
1.0MB

MD5
bde22d62a9c5f8528eefcb8cb52ea2df

SHA1
08ced093a8c3397d841fa862f4725ed782f18d3e

SHA256
6fe4dc0a5488b625885019c47eed727ca2373f66714e7a20aab3950838e68fc2

SHA512
5d454700cf6b2f5712949c3a57a8ad1ff53df6fa32c2693c7c33a202494e1a27bca660b65c95314f54e46114ec4af2d49fe4db3bc46563874bc62d5a81b0e9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xu2SR13.exe

Filesize
1.0MB

MD5
bde22d62a9c5f8528eefcb8cb52ea2df

SHA1
08ced093a8c3397d841fa862f4725ed782f18d3e

SHA256
6fe4dc0a5488b625885019c47eed727ca2373f66714e7a20aab3950838e68fc2

SHA512
5d454700cf6b2f5712949c3a57a8ad1ff53df6fa32c2693c7c33a202494e1a27bca660b65c95314f54e46114ec4af2d49fe4db3bc46563874bc62d5a81b0e9c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ce9oC33.exe

Filesize
799KB

MD5
b6bcdda507a93e78860e1f48acef0610

SHA1
0d52291d8410ded4003b78bf660c6deb72266847

SHA256
e0f30b8c0a4c09f04636cbdb31b2cb33d8283b8d3c346fc726a27601df175c38

SHA512
d0d7ce08569e767b25bb9cdceaaf52d1715ef27edd6c8b19ba9ffe3cdf39f7415ebc8b81512504cdabe3506da98cc6b671806a4e82b1d097f99a491237a85420

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\ce9oC33.exe

Filesize
799KB

MD5
b6bcdda507a93e78860e1f48acef0610

SHA1
0d52291d8410ded4003b78bf660c6deb72266847

SHA256
e0f30b8c0a4c09f04636cbdb31b2cb33d8283b8d3c346fc726a27601df175c38

SHA512
d0d7ce08569e767b25bb9cdceaaf52d1715ef27edd6c8b19ba9ffe3cdf39f7415ebc8b81512504cdabe3506da98cc6b671806a4e82b1d097f99a491237a85420

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yt9mu22.exe

Filesize
674KB

MD5
eb99d28329517fe972dfdd0ba55c1b8d

SHA1
08ad7838967994b501a4288c80b6a29ad165d73a

SHA256
6c889d64f732aedf770f5d8a055843e0f314a0ebed7fe51520fb31a841cbac57

SHA512
c888ae0aa16c284326c6423f42cf9e681444c37d22aec47c2b5a5cf8188d1018cc4b936f1af76fcf905487973391f9447a1e916a958ed94d62a5f8abb1ce2fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\yt9mu22.exe

Filesize
674KB

MD5
eb99d28329517fe972dfdd0ba55c1b8d

SHA1
08ad7838967994b501a4288c80b6a29ad165d73a

SHA256
6c889d64f732aedf770f5d8a055843e0f314a0ebed7fe51520fb31a841cbac57

SHA512
c888ae0aa16c284326c6423f42cf9e681444c37d22aec47c2b5a5cf8188d1018cc4b936f1af76fcf905487973391f9447a1e916a958ed94d62a5f8abb1ce2fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1qI47dy4.exe

Filesize
895KB

MD5
7951f37dc1b8dfc2911b2d96a1990ef3

SHA1
ce0a6307dfee36172a62d40146b88170b03e4076

SHA256
045834513dcd1c8df0daf24a86b5af934a5a2fd7fa3763760869eb373a314fa1

SHA512
6217f38e9d9c05944778c2804fb555a4c9a6996470621e1e94434815a52df27cf09e813e94c705fec1d40233de1627c2a0c24c6c0a6499e07da0795407ab0f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1qI47dy4.exe

Filesize
895KB

MD5
7951f37dc1b8dfc2911b2d96a1990ef3

SHA1
ce0a6307dfee36172a62d40146b88170b03e4076

SHA256
045834513dcd1c8df0daf24a86b5af934a5a2fd7fa3763760869eb373a314fa1

SHA512
6217f38e9d9c05944778c2804fb555a4c9a6996470621e1e94434815a52df27cf09e813e94c705fec1d40233de1627c2a0c24c6c0a6499e07da0795407ab0f75

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Dk2204.exe

Filesize
310KB

MD5
a24639301d9a46dd6863f2ccbac7a095

SHA1
8fb08b0c97874831ff319ef63300e408b90cbeed

SHA256
49b28438d1c8824f2497aff311329467c5d920aaf1ae1a78239391b4fbcc7681

SHA512
51e3107af0afb2dfe8f90e47d59c3ddb3578c6fad764c22a144f9b56f8bd839f6543c4d7606255451d7f1e79a481f0b63a4d5743bba5308939a8ce9a09b59d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2Dk2204.exe

Filesize
310KB

MD5
a24639301d9a46dd6863f2ccbac7a095

SHA1
8fb08b0c97874831ff319ef63300e408b90cbeed

SHA256
49b28438d1c8824f2497aff311329467c5d920aaf1ae1a78239391b4fbcc7681

SHA512
51e3107af0afb2dfe8f90e47d59c3ddb3578c6fad764c22a144f9b56f8bd839f6543c4d7606255451d7f1e79a481f0b63a4d5743bba5308939a8ce9a09b59d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311130144566758540.dll

Filesize
4.6MB

MD5
0d2cf5e6c13d156467618f37174dd4b5

SHA1
a324c41cbbf96e458072f337a2ef2a61db463d60

SHA256
1845335f4172bd93f2011ff12da6f3d2f99d33740cc1f3ab2201b8205cb773b6

SHA512
f2af281d0702aab8984de88376986f09efc1f4c891353bc6bd4f2c40576ae33858912261502c78b5e0fa92f255a992d4532cf9a9e76a53b46ea263a6b60e2cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pohvlswf.x00.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\random.exe

Filesize
141KB

MD5
326781a332c7040492dc96b13fb126e5

SHA1
d03d8e89a6c75a14f512eeabf180a2f69d30e884

SHA256
0f09f8f60741e8b3c28dc927ff1b3318d8faa623d641704b605bc38142f54f28

SHA512
e701babafad09f1115511949f3061275bc6fbc54756d40f038aa9be708ff06736413367395bff7e157035aa9260ada439ad9a8d4c2c48c14de94c42f6ec0c2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
221KB

MD5
82cd8d85dc427bfd991758f573525d23

SHA1
8a9f53dced366c5afb0e2a26186059fc34f9423d

SHA256
728a6f117ca91dfa121d74832b9eac2b995ec9887700c7832603730e0300bf4b

SHA512
422ecd38f2d744138dbc9994756407c4bccb9d539cda18bcf873824d1658c9fd264f31af356e171ff728e98d1a90e88af776b238b8fb7d4b4102ff9a8cc10e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
c3cdb14ab3f1556bdf789afa6926a2ec

SHA1
e6fb836493723d2f09921f38177b86fc3930339b

SHA256
d3bbf2b538bbc418d6abf468440f91e2cd7e40cf625bc9ab6d06b4f137db7129

SHA512
eeb171bdc0e4a0ad81477df3ddbf71c8f381f2c813a7846175978d40d4f5acbe36ee88f53a691dddd63e6dcc4878216f00332a248e88bb4178331d34737a7077

Download Submit
C:\Users\Admin\Pictures\DdMSGeQ2dvHgsjkOxzAWQR2v.exe

Filesize
4.1MB

MD5
05f8fedb9b645fd9a172f7bd0fa29928

SHA1
edd75603b440bf1cd6ca7791de0f2701278098b3

SHA256
2d34fe146d8502ccc47c98f70b4bdd1c5576994d1265fe1415af6444d8b54a41

SHA512
9c6797c0ccecf9a27cd5eb7092e0355c0b185794b177321fa299294b846cc0a8ee47f16ad7cbba1a0e85e3c6683ccefb917dc52b9117f7ce167345afdc3dab12

Download Submit
C:\Users\Admin\Pictures\FkN6M5z5fQtNEcmXH4okcbUx.exe

Filesize
3.1MB

MD5
823b5fcdef282c5318b670008b9e6922

SHA1
d20cd5321d8a3d423af4c6dabc0ac905796bdc6d

SHA256
712f5bb403ca4ade2d3fa47b050aac51a9f573142fd8ba8bf18f5f8144214d8d

SHA512
4377d06a71291be3e52c28a2ada0b89ff185a8887c4a75972cdc5e85d95da6538d1776bc49fb190c67b8e6497225f1d63b86793f4095c8fb990a5f6659216472

Download Submit
C:\Users\Admin\Pictures\Kw1si2n1Gs09nnVlC1jVVGit.exe

Filesize
2.8MB

MD5
b3ab0a92dd5c9c3db0592d31dd0c22e2

SHA1
09f3b19213ba8a43754ebf8f3e52cd12dcbb557b

SHA256
6266ea1f6130fc43319746c052bdb80e60898a851858034d3745a6f691f178bd

SHA512
536b7de831943b388b9a07aa9ded66be62de5c06eb671590f13909222c67f96bb603d40c425c78fa167f04cf329f252e1b53602e9295f66cf5e9df15da8a40ab

Download Submit
C:\Users\Admin\Pictures\YxMYEMDDENNedgEkUpSIPZp3.exe

Filesize
145KB

MD5
90dd1720cb5f0a539358d8895d3fd27a

SHA1
c1375d0b31adc36f91feb45df705c7e662c95d7d

SHA256
e69a88b0f9ec61f4acf22f9a3d96f60eb3a04db58a74eb4315700ac465de9e01

SHA512
c6e3f1e03f93f6aaa1b93bca21f3a93d6539ede45b06869d3a1daf983d5f1c68bc7e8895126b3d02d4b85854ac3991ecada77ddff2cbdc81c1e93f1f12c4ada1

Download Submit
C:\Users\Admin\Pictures\Zq1fWQGMgPcL1TDBECZ1ShOq.exe

Filesize
4.8MB

MD5
ff6c6212c086b2ea7bb1537a6e9b0abb

SHA1
f058d292f83c16450af74d870056cb742d23b3a3

SHA256
1abe626a7cbd4639f1ba56a6c4dab7f2dd9ad08396eb80ee4a21b0f7ef69d875

SHA512
3b495b12a67cc1cfb73a195ffe62bcccd3d8cf7a8abe556f493d74c835e453b8ad80529b4a24150b25c0eee2807d5fc9e0d43f572869a926435017311cdd97d5

Download Submit
C:\Users\Admin\Pictures\ijKr8iV5JRwN5VnF4iFVXYtw.exe

Filesize
4.1MB

MD5
1aa4b7fe66f4cdeab235562d59d08f87

SHA1
69cc7fbf494b89bdf329bd5036bb8039596e0184

SHA256
741891f7a8dd46182ae9925663d89a5b5e74f93ecf1e773bc30fe96f8e09ffbe

SHA512
4532660a5ddbd0f2f8d52de8533565539ec63651f8d3a1ef942f1cd8fbe5ad5ca0cae5ddb65debe4b82d03ab14ee0fca8f407df62c55efe69e316f3a383c7a5f

Download Submit
C:\Users\Admin\Pictures\qi7ciX5PBzUYXSCBwAIUllek.exe

Filesize
5.2MB

MD5
9873907d252dcecd6baea9a11ac4b0da

SHA1
102562c75d3dbb2c9b2922674f83c5f0f36e3d0c

SHA256
a5c68511132b9590f0d60bc6fa5f43999c25d636d0b29aae1ff3787688907fe7

SHA512
2054607e09f31d65060a8b8205755f785b5ea0be9b248977b00fa95ed2938313309876d91b7fef5d33866024cf52cf0dd7a73336e703e035770e24b506db19c8

Download Submit
C:\Users\Admin\Pictures\usYj7kxqeTVXfw9OPI0uyxuj.exe

Filesize
7KB

MD5
fcad815e470706329e4e327194acc07c

SHA1
c4edd81d00318734028d73be94bc3904373018a9

SHA256
280d939a66a0107297091b3b6f86d6529ef6fac222a85dbc82822c3d5dc372b8

SHA512
f4031b49946da7c6c270e0354ac845b5c77b9dfcd267442e0571dd33ccd5146bc352ed42b59800c9d166c8c1ede61469a00a4e8d3738d937502584e8a1b72485

Download Submit
C:\Users\Admin\Pictures\xgXTJfcQEDGiiWucq3GCU7l7.exe

Filesize
221KB

MD5
4ea71b88c6102990496206084fe59321

SHA1
32e2ccdb47350a561353fe2393f34839e3eef887

SHA256
f3a9883557b07a8bbe3ad42bf14420eb6a719c7e331c5611fe532edee2642cb6

SHA512
b7eb56da2f7ccbd70c7ec1064530e61419bb7b33eae1a74ae620caa4f58be562ee9f8edf07248d45165234fd42dba63d9b6d5d616b3815db7ef170c5b466cf39

Download Submit
memory/760-708-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/760-654-0x0000000000660000-0x0000000001308000-memory.dmp

Filesize
12.7MB

Download
memory/760-653-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1712-556-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1712-552-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1712-549-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/1712-547-0x00000000006C0000-0x000000000071A000-memory.dmp

Filesize
360KB

Download
memory/3216-733-0x0000000004F80000-0x0000000004F9A000-memory.dmp

Filesize
104KB

Download
memory/3216-701-0x0000000000480000-0x00000000004AA000-memory.dmp

Filesize
168KB

Download
memory/3216-766-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/3216-731-0x0000000002800000-0x000000000281C000-memory.dmp

Filesize
112KB

Download
memory/3216-710-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/3216-705-0x0000000004D80000-0x0000000004E1C000-memory.dmp

Filesize
624KB

Download
memory/3216-704-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/3292-404-0x0000000002820000-0x0000000002836000-memory.dmp

Filesize
88KB

Download
memory/4136-790-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-737-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-761-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-788-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-720-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/4136-792-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-771-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-794-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-799-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-808-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-784-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-775-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-729-0x00007FFE19B80000-0x00007FFE1A641000-memory.dmp

Filesize
10.8MB

Download
memory/4136-756-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-820-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-805-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-758-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-764-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-736-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-723-0x00000246EF410000-0x00000246EF4F4000-memory.dmp

Filesize
912KB

Download
memory/4136-748-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-750-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-812-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-752-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4136-754-0x00000246EF410000-0x00000246EF4F0000-memory.dmp

Filesize
896KB

Download
memory/4960-866-0x0000000000810000-0x0000000000A48000-memory.dmp

Filesize
2.2MB

Download
memory/5452-730-0x0000000000230000-0x0000000000628000-memory.dmp

Filesize
4.0MB

Download
memory/5452-984-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/5452-735-0x0000000005120000-0x0000000005130000-memory.dmp

Filesize
64KB

Download
memory/5452-732-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/5452-949-0x0000000005BD0000-0x0000000005D62000-memory.dmp

Filesize
1.6MB

Download
memory/5452-1006-0x0000000005120000-0x0000000005130000-memory.dmp

Filesize
64KB

Download
memory/5452-1003-0x0000000005120000-0x0000000005130000-memory.dmp

Filesize
64KB

Download
memory/5452-911-0x0000000005A20000-0x0000000005BCA000-memory.dmp

Filesize
1.7MB

Download
memory/6308-811-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/6308-975-0x00000000063C0000-0x0000000006714000-memory.dmp

Filesize
3.3MB

Download
memory/6308-944-0x00000000061E0000-0x0000000006246000-memory.dmp

Filesize
408KB

Download
memory/6308-950-0x0000000006250000-0x00000000062B6000-memory.dmp

Filesize
408KB

Download
memory/6308-893-0x00000000059E0000-0x0000000005A02000-memory.dmp

Filesize
136KB

Download
memory/6308-829-0x0000000005A10000-0x0000000006038000-memory.dmp

Filesize
6.2MB

Download
memory/6308-813-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/6308-806-0x0000000005280000-0x00000000052B6000-memory.dmp

Filesize
216KB

Download
memory/6308-809-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6344-966-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/6344-698-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/6492-524-0x0000000007500000-0x0000000007512000-memory.dmp

Filesize
72KB

Download
memory/6492-494-0x0000000007330000-0x000000000733A000-memory.dmp

Filesize
40KB

Download
memory/6492-459-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6492-471-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6492-482-0x0000000007210000-0x0000000007220000-memory.dmp

Filesize
64KB

Download
memory/6492-480-0x0000000007750000-0x0000000007CF4000-memory.dmp

Filesize
5.6MB

Download
memory/6492-527-0x00000000076E0000-0x000000000772C000-memory.dmp

Filesize
304KB

Download
memory/6492-525-0x0000000007560000-0x000000000759C000-memory.dmp

Filesize
240KB

Download
memory/6492-628-0x0000000007210000-0x0000000007220000-memory.dmp

Filesize
64KB

Download
memory/6492-586-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6492-520-0x00000000075D0000-0x00000000076DA000-memory.dmp

Filesize
1.0MB

Download
memory/6492-481-0x0000000007280000-0x0000000007312000-memory.dmp

Filesize
584KB

Download
memory/6492-517-0x0000000008320000-0x0000000008938000-memory.dmp

Filesize
6.1MB

Download
memory/6672-768-0x0000000005940000-0x0000000005950000-memory.dmp

Filesize
64KB

Download
memory/6672-760-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/6672-765-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/7380-986-0x0000000000D40000-0x0000000001269000-memory.dmp

Filesize
5.2MB

Download
memory/7876-993-0x0000000005E80000-0x0000000006042000-memory.dmp

Filesize
1.8MB

Download
memory/7876-991-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/7876-972-0x0000000000F80000-0x000000000129C000-memory.dmp

Filesize
3.1MB

Download
memory/7948-579-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7948-578-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7948-587-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7948-582-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/8900-669-0x000002D8D44D0000-0x000002D8D45B0000-memory.dmp

Filesize
896KB

Download
memory/8900-685-0x000002D8BBCA0000-0x000002D8BBCEC000-memory.dmp

Filesize
304KB

Download
memory/8900-682-0x000002D8D4780000-0x000002D8D4848000-memory.dmp

Filesize
800KB

Download
memory/8900-676-0x000002D8D45B0000-0x000002D8D4678000-memory.dmp

Filesize
800KB

Download
memory/8900-658-0x000002D8B9D90000-0x000002D8B9EF0000-memory.dmp

Filesize
1.4MB

Download
memory/8900-667-0x000002D8BA300000-0x000002D8BA310000-memory.dmp

Filesize
64KB

Download
memory/8900-668-0x000002D8BBB30000-0x000002D8BBC16000-memory.dmp

Filesize
920KB

Download
memory/8900-728-0x00007FFE19B80000-0x00007FFE1A641000-memory.dmp

Filesize
10.8MB

Download
memory/8900-664-0x00007FFE19B80000-0x00007FFE1A641000-memory.dmp

Filesize
10.8MB

Download
memory/8960-366-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8960-364-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8960-363-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/8960-358-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/9184-406-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/9184-368-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download