glupteba | 861bd76fab868f3be964df98bc5c59cd25e187115738efecac98c8b2215c40a0

Analysis

max time kernel
151s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2023 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe
Size

799KB
MD5

06e964d72a34dc9e1cc80e3a8fe9bdeb
SHA1

58f6a85a578901f1fa64ac9598e47eb121836843
SHA256

30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c
SHA512

59ceec8e5aa6453ecf8e6fae57251f88a07ad9b34665143c648e252a6f0af75479a5607839bb0a89621938d0afc340c37778b383a431b586ea4f1412304f1bfb
SSDEEP

24576:ry5rqmZj5AaeuIseC/GRLYDHILx4wqMwFY:e5rNZ9ZetJEGK0F49

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

pixelfresh

194.49.94.11:80

Extracted

Family

redline

Botnet

@ytlogsbot

194.169.175.235:42691

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/5212-432-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5212-441-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5212-446-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/5212-454-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 2 IoCs

resource	yara_rule
behavioral1/memory/7556-1319-0x0000000002560000-0x00000000025AA000-memory.dmp	family_zgrat_v1
behavioral1/memory/7556-1324-0x0000000002560000-0x00000000025AA000-memory.dmp	family_zgrat_v1

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 4 IoCs

resource	yara_rule
behavioral1/memory/3176-826-0x0000000002DC0000-0x00000000036AB000-memory.dmp	family_glupteba
behavioral1/memory/3176-865-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba
behavioral1/memory/3176-1023-0x0000000002DC0000-0x00000000036AB000-memory.dmp	family_glupteba
behavioral1/memory/3176-1180-0x0000000000400000-0x0000000000D1C000-memory.dmp	family_glupteba

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 7 IoCs

resource	yara_rule
behavioral1/memory/5544-708-0x0000000000980000-0x000000000099E000-memory.dmp	family_redline
behavioral1/memory/6164-736-0x00000000001C0000-0x00000000001FE000-memory.dmp	family_redline
behavioral1/memory/6164-737-0x0000000000400000-0x0000000000449000-memory.dmp	family_redline
behavioral1/memory/3628-745-0x0000000000560000-0x00000000005BA000-memory.dmp	family_redline
behavioral1/memory/3628-746-0x0000000000400000-0x0000000000470000-memory.dmp	family_redline
behavioral1/memory/7556-1319-0x0000000002560000-0x00000000025AA000-memory.dmp	family_redline
behavioral1/memory/7556-1324-0x0000000002560000-0x00000000025AA000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 1 IoCs

resource	yara_rule
behavioral1/memory/5544-708-0x0000000000980000-0x000000000099E000-memory.dmp	family_sectoprat

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Suspicious use of NtCreateUserProcessOtherParentProcess 4 IoCs

description	pid	Process	procid_target
PID 5848 created 3320	5848	latestX.exe	46
PID 5848 created 3320	5848	latestX.exe	46
PID 5848 created 3320	5848	latestX.exe	46
PID 5848 created 3320	5848	latestX.exe	46

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\etc\hosts	latestX.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/7556-1319-0x0000000002560000-0x00000000025AA000-memory.dmp	net_reactor
behavioral1/memory/7556-1324-0x0000000002560000-0x00000000025AA000-memory.dmp	net_reactor

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation	5DCB.exe

Executes dropped EXE 15 IoCs

pid	Process
404	NO9ll22.exe
2988	1om77Gk1.exe
3860	2Kf7265.exe
4972	3co79xu.exe
6548	5DCB.exe
5544	603D.exe
6164	62DE.exe
3628	66B7.exe
7420	InstallSetup5.exe
2764	toolspub2.exe
3176	31839b57a4f11171d6abc8bbc4451ee4.exe
6372	Broom.exe
5848	latestX.exe
4272	toolspub2.exe
3780	A037.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	NO9ll22.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000022d7b-12.dat	autoit_exe
behavioral1/files/0x0008000000022d7b-13.dat	autoit_exe

Detected potential entity reuse from brand microsoft.
phishing microsoft
Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3860 set thread context of 5212	3860	2Kf7265.exe	148
PID 2764 set thread context of 4272	2764	toolspub2.exe	182
PID 3780 set thread context of 5216	3780	A037.exe	196

Launches sc.exe 5 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7428	sc.exe
5564	sc.exe
7100	sc.exe
6564	sc.exe
7624	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
412	5212	WerFault.exe	148

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	toolspub2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3co79xu.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3co79xu.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	3co79xu.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5448	msedge.exe
5448	msedge.exe
5472	msedge.exe
5472	msedge.exe
5716	msedge.exe
5716	msedge.exe
5876	msedge.exe
5876	msedge.exe
5524	msedge.exe
5524	msedge.exe
5540	msedge.exe
5540	msedge.exe
5540	msedge.exe
2028	msedge.exe
2028	msedge.exe
5360	msedge.exe
5360	msedge.exe
4724	msedge.exe
4724	msedge.exe
6236	msedge.exe
6236	msedge.exe
6744	msedge.exe
6744	msedge.exe
4972	3co79xu.exe
4972	3co79xu.exe
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE
3320	Explorer.EXE

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4972	3co79xu.exe
4272	toolspub2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeDebugPrivilege	5544	603D.exe
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeShutdownPrivilege	3320	Explorer.EXE
Token: SeCreatePagefilePrivilege	3320	Explorer.EXE
Token: SeDebugPrivilege	2092	powershell.exe
Token: SeDebugPrivilege	5628	powershell.exe
Token: SeDebugPrivilege	6164	62DE.exe
Token: SeDebugPrivilege	7384	powershell.exe
Token: SeShutdownPrivilege	4312	powercfg.exe
Token: SeCreatePagefilePrivilege	4312	powercfg.exe
Token: SeShutdownPrivilege	988	powercfg.exe
Token: SeCreatePagefilePrivilege	988	powercfg.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2988	1om77Gk1.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6372	Broom.exe

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
3320	Explorer.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 404	4808	30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe	86
PID 4808 wrote to memory of 404	4808	30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe	86
PID 4808 wrote to memory of 404	4808	30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe	86
PID 404 wrote to memory of 2988	404	NO9ll22.exe	87
PID 404 wrote to memory of 2988	404	NO9ll22.exe	87
PID 404 wrote to memory of 2988	404	NO9ll22.exe	87
PID 2988 wrote to memory of 1552	2988	1om77Gk1.exe	88
PID 2988 wrote to memory of 1552	2988	1om77Gk1.exe	88
PID 2988 wrote to memory of 2028	2988	1om77Gk1.exe	90
PID 2988 wrote to memory of 2028	2988	1om77Gk1.exe	90
PID 2988 wrote to memory of 1244	2988	1om77Gk1.exe	91
PID 2988 wrote to memory of 1244	2988	1om77Gk1.exe	91
PID 2988 wrote to memory of 3988	2988	1om77Gk1.exe	92
PID 2988 wrote to memory of 3988	2988	1om77Gk1.exe	92
PID 2988 wrote to memory of 5092	2988	1om77Gk1.exe	93
PID 2988 wrote to memory of 5092	2988	1om77Gk1.exe	93
PID 2988 wrote to memory of 2300	2988	1om77Gk1.exe	94
PID 2988 wrote to memory of 2300	2988	1om77Gk1.exe	94
PID 2988 wrote to memory of 2008	2988	1om77Gk1.exe	95
PID 2988 wrote to memory of 2008	2988	1om77Gk1.exe	95
PID 2988 wrote to memory of 2784	2988	1om77Gk1.exe	96
PID 2988 wrote to memory of 2784	2988	1om77Gk1.exe	96
PID 2988 wrote to memory of 2304	2988	1om77Gk1.exe	97
PID 2988 wrote to memory of 2304	2988	1om77Gk1.exe	97
PID 2300 wrote to memory of 4848	2300	msedge.exe	106
PID 2300 wrote to memory of 4848	2300	msedge.exe	106
PID 2784 wrote to memory of 5016	2784	msedge.exe	104
PID 2784 wrote to memory of 5016	2784	msedge.exe	104
PID 2304 wrote to memory of 4416	2304	msedge.exe	103
PID 2304 wrote to memory of 4416	2304	msedge.exe	103
PID 1244 wrote to memory of 4988	1244	msedge.exe	102
PID 1244 wrote to memory of 4988	1244	msedge.exe	102
PID 2008 wrote to memory of 3892	2008	msedge.exe	101
PID 2008 wrote to memory of 3892	2008	msedge.exe	101
PID 1552 wrote to memory of 3936	1552	msedge.exe	99
PID 1552 wrote to memory of 3936	1552	msedge.exe	99
PID 3988 wrote to memory of 1948	3988	msedge.exe	98
PID 3988 wrote to memory of 1948	3988	msedge.exe	98
PID 2028 wrote to memory of 3144	2028	msedge.exe	100
PID 2028 wrote to memory of 3144	2028	msedge.exe	100
PID 2988 wrote to memory of 3540	2988	1om77Gk1.exe	105
PID 2988 wrote to memory of 3540	2988	1om77Gk1.exe	105
PID 5092 wrote to memory of 3088	5092	msedge.exe	107
PID 5092 wrote to memory of 3088	5092	msedge.exe	107
PID 3540 wrote to memory of 3564	3540	msedge.exe	108
PID 3540 wrote to memory of 3564	3540	msedge.exe	108
PID 404 wrote to memory of 3860	404	NO9ll22.exe	109
PID 404 wrote to memory of 3860	404	NO9ll22.exe	109
PID 404 wrote to memory of 3860	404	NO9ll22.exe	109
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119
PID 5092 wrote to memory of 5440	5092	msedge.exe	119

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
PID:3320
- C:\Users\Admin\AppData\Local\Temp\30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe
  "C:\Users\Admin\AppData\Local\Temp\30befd088724719df66035cff6175ec647a4e80ec049eb84ba0a769e08c9e60c.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:4808
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NO9ll22.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NO9ll22.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:404
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1om77Gk1.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1om77Gk1.exe
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x40,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:3936
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2623300567117664378,15438723567470213300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2623300567117664378,15438723567470213300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        6⤵
        
        PID:5532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:3144
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
        6⤵
        
        PID:5480
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
        6⤵
        
        PID:5464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        6⤵
        
        PID:6044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
        6⤵
        
        PID:6052
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
        6⤵
        
        PID:7436
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
        6⤵
        
        PID:6828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
        6⤵
        
        PID:7676
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
        6⤵
        
        PID:7788
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
        6⤵
        
        PID:7916
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
        6⤵
        
        PID:8048
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
        6⤵
        
        PID:8136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
        6⤵
        
        PID:8168
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
        6⤵
        
        PID:6648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
        6⤵
        
        PID:3376
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
        6⤵
        
        PID:8124
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
        6⤵
        
        PID:3512
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
        6⤵
        
        PID:7828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
        6⤵
        
        PID:6628
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9900 /prefetch:1
        6⤵
        
        PID:7240
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9868 /prefetch:1
        6⤵
        
        PID:7284
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 /prefetch:8
        6⤵
        
        PID:1456
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 /prefetch:8
        6⤵
        
        PID:4140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1
        6⤵
        
        PID:396
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:1
        6⤵
        
        PID:3328
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10872 /prefetch:1
        6⤵
        
        PID:5948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        6⤵
        
        PID:3384
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10516 /prefetch:1
        6⤵
        
        PID:1096
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10856 /prefetch:8
        6⤵
        
        PID:6180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10752 /prefetch:1
        6⤵
        
        PID:8044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7316 /prefetch:2
        6⤵
        
        PID:8156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,5999438971314149414,5471831684912018691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
        6⤵
        
        PID:5872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1244
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:4988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,14655836149288853084,4686543159382606286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
        6⤵
        
        PID:5756
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,14655836149288853084,4686543159382606286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3988
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:1948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2781807581630884281,6274109400585871683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5360
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2781807581630884281,6274109400585871683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        6⤵
        
        PID:5348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:5092
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:3088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,973273550011695950,7716984052009350187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5448
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,973273550011695950,7716984052009350187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        6⤵
        
        PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2300
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:4848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15219871930425783473,17197256843356893002,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4724
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15219871930425783473,17197256843356893002,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        6⤵
        
        PID:4640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2008
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:3892
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,18340563415147450949,9099281011413020304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6744
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,18340563415147450949,9099281011413020304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        6⤵
        
        PID:6728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2784
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:5016
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,10710209075183690048,5117301326935366705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6236
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,10710209075183690048,5117301326935366705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        6⤵
        
        PID:6224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2304
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:4416
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6650546635744647207,6257337973398768856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5524
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6650546635744647207,6257337973398768856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        6⤵
        
        PID:5516
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
        6⤵
        
        PID:3564
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13149573231637698411,1106167079957514655,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13149573231637698411,1106167079957514655,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
        6⤵
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Kf7265.exe
      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Kf7265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      PID:3860
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        5⤵
        
        PID:5212
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 540
        6⤵
        Program crash
        
        PID:412
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3co79xu.exe
    C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\3co79xu.exe
    3⤵
    - Executes dropped EXE
    - Checks SCSI registry key(s)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:4972
- C:\Users\Admin\AppData\Local\Temp\5DCB.exe
  C:\Users\Admin\AppData\Local\Temp\5DCB.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6548
- - C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
    "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
    3⤵
    - Executes dropped EXE
    PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Broom.exe
      C:\Users\Admin\AppData\Local\Temp\Broom.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:6372
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
      "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
      4⤵
      Executes dropped EXE
      Checks SCSI registry key(s)
      Suspicious behavior: MapViewOfSection
      PID:4272
- - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
    "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
    3⤵
    - Executes dropped EXE
    PID:3176
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2092
- - C:\Users\Admin\AppData\Local\Temp\latestX.exe
    "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Drops file in Drivers directory
    - Executes dropped EXE
    PID:5848
- C:\Users\Admin\AppData\Local\Temp\603D.exe
  C:\Users\Admin\AppData\Local\Temp\603D.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5544
- C:\Users\Admin\AppData\Local\Temp\62DE.exe
  C:\Users\Admin\AppData\Local\Temp\62DE.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:6164
- C:\Users\Admin\AppData\Local\Temp\66B7.exe
  C:\Users\Admin\AppData\Local\Temp\66B7.exe
  2⤵
  - Executes dropped EXE
  PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=66B7.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
      4⤵
      PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=66B7.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    3⤵
    PID:3260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb014846f8,0x7ffb01484708,0x7ffb01484718
      4⤵
      PID:452
- C:\Users\Admin\AppData\Local\Temp\A037.exe
  C:\Users\Admin\AppData\Local\Temp\A037.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:3780
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
    3⤵
    PID:5216
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5628
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  PID:6896
- - C:\Windows\System32\sc.exe
    sc stop UsoSvc
    3⤵
    - Launches sc.exe
    PID:5564
- - C:\Windows\System32\sc.exe
    sc stop WaaSMedicSvc
    3⤵
    - Launches sc.exe
    PID:7100
- - C:\Windows\System32\sc.exe
    sc stop wuauserv
    3⤵
    - Launches sc.exe
    PID:6564
- - C:\Windows\System32\sc.exe
    sc stop bits
    3⤵
    - Launches sc.exe
    PID:7624
- - C:\Windows\System32\sc.exe
    sc stop dosvc
    3⤵
    - Launches sc.exe
    PID:7428
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:7384
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:5832
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4312
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:988
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    PID:7724
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:996
- C:\Users\Admin\AppData\Local\Temp\5407.exe
  C:\Users\Admin\AppData\Local\Temp\5407.exe
  2⤵
  PID:1400
- C:\Users\Admin\AppData\Local\Temp\C408.exe
  C:\Users\Admin\AppData\Local\Temp\C408.exe
  2⤵
  PID:7556
- C:\Users\Admin\AppData\Local\Temp\C5ED.exe
  C:\Users\Admin\AppData\Local\Temp\C5ED.exe
  2⤵
  PID:1052
- C:\Users\Admin\AppData\Local\Temp\C850.exe
  C:\Users\Admin\AppData\Local\Temp\C850.exe
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 5212 -ip 5212
1⤵
PID:5192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0f31fbb9-aee2-43fd-b4c3-13a24259b810.tmp

Filesize
2KB

MD5
296e12483cb1d095c6618d3afb800f0e

SHA1
3f4141f8816b86f6237256c22bbd8ecbd7e00bf9

SHA256
3b5768dbe42732490157f5bff55cce4c2a877d79d67b712e23bdbca93015784c

SHA512
038589877a16103751bf0b9cfc011e778098213b8937d0a1c08394b774ef6410085e8afbd11feee71877cb9bcda0eeddcc2c0b85133ec6075f5867e82323e88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3e10c137-de82-4139-b1f1-f7ea2933c4e3.tmp

Filesize
2KB

MD5
8e1c2bbadeb3d1292eeb91bb74d42d60

SHA1
e3d41ee91763332e6ac28c3da39553a6026660d8

SHA256
03af501fea2f68426a66b9b1e55f54e319edeb8a78c12a77ecfb38f1c4829ab2

SHA512
59c56b15238252ec5bb57c3f7097a0b578066dac3770b053451fa403f785115f2b0f644d0190a223a15f40f6502e2052984559421b903b9bc459c4b154b3d082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\73cfb1d4-0eaf-4381-98e6-3a2008a489fe.tmp

Filesize
2KB

MD5
63302fd84262df413dcc0320e68269b4

SHA1
63f8ad7558d0bbac13fc07b70bae3a23d088bdf3

SHA256
aeb1df842470cf3e7499a987d9fdaf267f1e09263fcb32cf92ace932d4f7927c

SHA512
7e70544fa74cc56065be0f2c3f5da374de769ede54e32a5aaad74cd80b6a3af0575efc33e6ab5a50990f2e23a0c21abea0e2b7cd12f956ea23ac3a7298826af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7625ada5-d56c-4648-8ea5-2fe7e8205139.tmp

Filesize
2KB

MD5
a89cd481282207f3f90cbc62153ceb8a

SHA1
26f222d8d8096b9dc447a33a143bbaf49858696b

SHA256
4cfff48b62faedca6c252b8bac46262373099cab726bfe80b005cfba7ce6aa92

SHA512
25133e18e55a643a9a452bd1a09c5bc07fa5189f9f8a0dd5ba173e6a21094e1687490ac0cffd8ce5a50b8b43c4d0941c514a037ea800dbd66e618331f2fef424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
16e56f576d6ace85337e8c07ec00c0bf

SHA1
5c9579bb4975c93a69d1336eed5f05013dc35b9c

SHA256
7796a7ba79148fc3cb46e4bbca48094376371ca9dd66f0810f7797c5e24158f5

SHA512
69e89f39fa6438a74a48985387cd2e3e003858b0855ee6cd03abf6967674503b98b90573c784b4cf785b9cca594d3c8762f92def24e2bf51374ef5a00921e5e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0649f58df0cf50cd1691cc386d91b63a

SHA1
5187662e7ae6a3b49e4c170003c7255b48e9da84

SHA256
fbeba6a17e519aabe74ffc92ca5c2ec9397cf585020f003c726764729ccd83e0

SHA512
a22d9a505e4130756799bf316b434fcf8a8a49b4a0a708142962e19627b513876591f2aa096d9d6d456acafa71262f872328fe9965052d1a4938956db5827af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d1533c894dbe51b1f906bcef379946e4

SHA1
86a54e6d374bd9896da9fbf10d381a10afac25fd

SHA256
d0dd6c337678406e0fe3952c73ebd5a19a9cb4583f1179495dcd0e90f70642fe

SHA512
2bb77d63f2791b54dc81853fff967ff489026a23b9a918f991450075bed55797998771c256528b87b00b7799a8f9fd52d70732b9b9bad400523643c722e73852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0fe38070b54ed368e58768a47c7533c9

SHA1
bb621a0f11a48702d0aa7c63054cbead797214c7

SHA256
0cdd400bf5cb02ecb7e6bf151bc054c2d063daf62ea50f546a64e7e2a4cde540

SHA512
c4f0fa1e0b0232c41bb718e29b89ab1ed1f63f20d3796e22d87deb3152f09a115dc151fd2177e919e3357834a65304bc7c98d6d0e9dbb51848f8bd37462c701f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05bc888ae75221000fce83b3fcace65d

SHA1
627cd040ef52ef6446f231a3697cc940b23ce085

SHA256
8587fafc0ced9fd461d85e50e4fe83f69e027bace84945b07fc3fc267d18303d

SHA512
3df5e54f83eccbb05d48cbe8f6b4e3797e5ba1d98b0f07c60dabd2fa62488356bd167e992f22e07d8004d7f4660c5129212b0c925c1595c121184f97e31846dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f54e6d2ccd3f033c18d45e36282a5370

SHA1
77c4b9469a7890afa04352279ed6f283d7c5916a

SHA256
40850c948f9802cb61c5022697378c3569b5b36de705cac37bf5c9e7b307067c

SHA512
ee56b7ea63a56325a631d9c7c011e8915cf5fb0a38cc721d39f3c584b5c3e2e9b20fd9f57a1d8fb89467ae379bf50423e5a5d5255f778904112381cbb50f6e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bc0d7a714d0a97ab9239d0fbbe86b413

SHA1
0538119c2a1e9616b590d016e6b53864e9c3a204

SHA256
8be815a64a9050357181cbea1bf3b5867c40288d6420c8f99c8b658f697f9c00

SHA512
53d1b86fd4272351a85bb79b4d9c4329741e97c36ecd223affa2f46ca216b4755538b7195104f11d0fad13131ba2566a45fcee1258bcdc72947e36e7f26f1cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
705c94a9a56d4a4e0682b75be4ff65f4

SHA1
dc2acf4e7ed0333129f2d2a403a04c1baaf34113

SHA256
8897c93d655f698fdbf27302831b512b7e891d0d63e9f89a120647851fd207ef

SHA512
963ac813f304fcc2f48ace87c1af573570ee30a435d4460769b7e54aa6bb142c99ea8ee1a7f82d52cd05bc5db3d2b501701d3371bcc6a06ed60b7a04c1a105b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6d4a0681520a37e1139d1f5c1174a1a6

SHA1
a616f8e3fe2bacf3e4511732dd3b2fe64947246e

SHA256
c56512560da27d26c64c6e43b7410f3fe216ee595d6e714e7fea573815cd2549

SHA512
8bd96c2f1068be30fb601282bbf92ba33576e97f1f015139a5cd751015bcb2e9ba8ad9e7e816633cc8a1418c7895076e8e5f49bf8574409ed33db2d282c9944b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
3e687b427d174f631d4645eac4c5135a

SHA1
0ff9a61326f1e6b9c4592edbf6cbd7a3f6f6fb8e

SHA256
df944a021ca4d127bc11ab8a389921b3cac2733fcb968498849022f84e584ac4

SHA512
0247220a8cc03edb5a392b86b036e1d71d290f4891d5a5a553ca3475da01a94c158200ac90340e1fd25b32d547caff8ec6d5e90fc96ffbe76507b99dec22fe75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58fe31.TMP

Filesize
89B

MD5
6eaa66754bb0e76fc70a4d8d95e1a1e2

SHA1
aa73503d6a2b07d51064daf3e8ffc203e7ed2516

SHA256
4d721c27b345a7743830a4659f6cd4a200a55f0d292f7edd6bef5dd9ad28f348

SHA512
7e12b3bd1d054e596f1f89dc1776a695a859dc599541cf3cee8813b9a7c387830384d7511365c53d4a4d085967dab2ad7e949a4c66278838199abe9a704bd845

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\a0e37ba5-8f78-435f-85cd-321cb0119270\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
0a9e744e51f1936c65b9ae3f485dff76

SHA1
109d917e485b7979a552acc304ecec9f51c17f0e

SHA256
c0267cec40bcb12adefbcc5713b51830ca11a359459e4b4e92fa04dea5778611

SHA512
43f0cfc8b90d01511737e1f0681dff5471b4a8aa840b9dda959ca291f395b3680bd46f0d0d785ce4865351c124fd1ce79c5ddad84c798074cb6aacceb7f92d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
133B

MD5
ee5b0d752c45485d4a3d9015ee3fb493

SHA1
2347c556051ea57dbc0190fa76c198fca50139ab

SHA256
18c8fbbd2cc1db0818f07b4584a0ef3db5a012e626307c964bbba355aa025553

SHA512
460c1d354555e245d87de521cb6df6b5f2304c8f77b78cc696e5ce784dde2d80a56ac7c885f02fa11c5705b95b5c39ac1399b1839593c887daedfd26e1860184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe593ce0.TMP

Filesize
83B

MD5
4b47d5425035d77c60206fd85c731dc1

SHA1
3b2634d550c308e36aa579b3fc311f700fa0a761

SHA256
eb23204db237c38cbd4500c8a5395d3f423bb1c2fcb672b3c8998362efa3a924

SHA512
0adde233e668a60d5ca2a18233ab425aff575990b4ee19c56fa4304295e1cd6ca393d624475025ade9451c0d8422c15d13b1fb2ca97e8dd36dbbb2a952bb9425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
2a92b73c17e1054c96df66f602b21c4d

SHA1
9bc410d4efc5986b05a9e7f483b816af85b55066

SHA256
1510e4b83a5e40c27221cd33e8f11fef7b3e8357f2789bc5ac414934e02999fd

SHA512
8a37005645c1f3bcc4c6383f830adf8ad265f639e1b85f28ef0e30fecff4eb4e8e480fc9033d9433df61fa191a45273135fee704b4e9d6c906341f990eb06df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59c20e.TMP

Filesize
72B

MD5
3817a65b7eb8018633ccab3f4d42df67

SHA1
b036307c71be048ef49618a450c4466fcda1ad55

SHA256
7e05fbe2d26de0dcddf746ddcd981013255c61366d4e09313a770f529dcfa311

SHA512
e016beb2165178fae07d8bdab5a37e7dfa48ce218a23833d8f5c8648369581f2903663cf648d839a1d61cd71964397268f9e48210c21fb2a5d3027b2f11f9da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37b04226e719147c1747a12132f14622

SHA1
c70340d077df37b82d6d6195692eb9992df77943

SHA256
8303164f8cac4b9f153a932afda20ed328e27013a0eff29b98386475b32c985e

SHA512
7f52dff1695f3cf1237d2ad2f7c898b36454e299c0e1df1817492fe976b058733659f28678a90ca459dd16487f8e5a23d6c8770b703303dcd2b0d0c77322d94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
46037d7a6fab58cbfc9c93dc7380eca2

SHA1
58a72a5be6c846877399027f2fd81b3a90c3edb6

SHA256
a390409602b1ef5faeb0c31423da3b958e66b2cc99ca152ba1dd902035d1d9a5

SHA512
3e9457bb0151b52dc52f8c1a5e8b95325e3aa15c9200065e405cfd014cbdab5330b083e449123336a8207e13fe36b242ad73714147dc1f6f7baf3b76f383783c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9831f5e777989fe393b404ecb84443e0

SHA1
698e3d17b093a95785e7f03cf7f5f89f5933d38b

SHA256
68927f47eb3522ff9fa5921fe75e40f99bf25cf5a57a94974203c353392b0fad

SHA512
dbf4d94040b2eb2c9a75f6db378a4c59ad9480359b2fe0091ad3bd40ebaa0a50b34ee447ef1c086bca5751ab8ac1b0ddf30f1a3f6b3b9ab2848c1a83091bb09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f140ef806166bd90e466b246903060b5

SHA1
bbcf4fd9d314e1da91578fbfaa26b3e33d25b1c9

SHA256
91c0c282fd257882f1691b5783b8081dd39e9d662ab0fa74405b808b2c64e993

SHA512
28c1bc6c0d347b1cbe68e4e379dbdd6d97f73657fac28a62bb4eb9ef39cf1d4cc230127b48d7228ddbcbecdc949acae5ef1bd28a86bf185f29ebb5c8e6f5d1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4dba9808569afbd0a15532fec724927

SHA1
13bbc18e5e6b84c8c0294fc277378e94c02e89f4

SHA256
3ffaf637e7076a19e5c8715bcbeb0f34a395923289948b89b1498fa8a3b5f7a4

SHA512
3932fcd7c79b5f6f28945e92d82cf40e918607c7914a8135ea7fada3c392f992a0cb285fa8ef325601124d425797fd87c2f9272385d899d2d5a07daa6a8a190b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5831b9.TMP

Filesize
2KB

MD5
df97fd950bb0327647291acdb30bc177

SHA1
39a31fdd4c82cd3d84730a42e814709dabd4eebb

SHA256
8708f46814f0f63da1183548ee3a7848c3c48d9b58b91ee1f837fa4607393565

SHA512
b25fdf9e6f9e82e99d02e0bd0d3b420582101a2130d9ec908a8dee7bef162a257ca2f2f04a267e684e0fc396880f6ac00fd48c9a11fc89e954983ba000f9b9ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3649f95e14ec262f821b4a4b43d13e55

SHA1
a515b4842c5518bb9de4483e11ea8e7e024516da

SHA256
768ceac4d5fdad51f3facf1d350fdc3bf85e16650092bf2e779c62ed27e6de79

SHA512
f8ae0dedc95780b4fcc855756a40dfb38382a51baae880cd66ad5b15869c58121f278b8cc30024511dfaed219ef918bc37114a83bb655505297d2c843e3b83d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
3649f95e14ec262f821b4a4b43d13e55

SHA1
a515b4842c5518bb9de4483e11ea8e7e024516da

SHA256
768ceac4d5fdad51f3facf1d350fdc3bf85e16650092bf2e779c62ed27e6de79

SHA512
f8ae0dedc95780b4fcc855756a40dfb38382a51baae880cd66ad5b15869c58121f278b8cc30024511dfaed219ef918bc37114a83bb655505297d2c843e3b83d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
63302fd84262df413dcc0320e68269b4

SHA1
63f8ad7558d0bbac13fc07b70bae3a23d088bdf3

SHA256
aeb1df842470cf3e7499a987d9fdaf267f1e09263fcb32cf92ace932d4f7927c

SHA512
7e70544fa74cc56065be0f2c3f5da374de769ede54e32a5aaad74cd80b6a3af0575efc33e6ab5a50990f2e23a0c21abea0e2b7cd12f956ea23ac3a7298826af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
35a0ef76de8b18e30a342e16ae21aae4

SHA1
75a95e695f3c9b091f03b9651ff5c0ec5e7afd6c

SHA256
db120620c7fc5678b2720e767479cd9d6b5156bd301af62bdc84893bfd2c8f06

SHA512
e102908d5cdff72b1fbb1709b23b3c89f12a57588ec86ca85da77a1c068bb27fb019b37ea0755a215e527df13d27481669bb5b4a50b45c73709ba913473b35dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
35a0ef76de8b18e30a342e16ae21aae4

SHA1
75a95e695f3c9b091f03b9651ff5c0ec5e7afd6c

SHA256
db120620c7fc5678b2720e767479cd9d6b5156bd301af62bdc84893bfd2c8f06

SHA512
e102908d5cdff72b1fbb1709b23b3c89f12a57588ec86ca85da77a1c068bb27fb019b37ea0755a215e527df13d27481669bb5b4a50b45c73709ba913473b35dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a89cd481282207f3f90cbc62153ceb8a

SHA1
26f222d8d8096b9dc447a33a143bbaf49858696b

SHA256
4cfff48b62faedca6c252b8bac46262373099cab726bfe80b005cfba7ce6aa92

SHA512
25133e18e55a643a9a452bd1a09c5bc07fa5189f9f8a0dd5ba173e6a21094e1687490ac0cffd8ce5a50b8b43c4d0941c514a037ea800dbd66e618331f2fef424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
006db4404a204fea8540b488aab387d7

SHA1
dac0f5fc6c38b8bccd01504ba147bb88710fa3fb

SHA256
746608a75f62be0897425d65b0ca90d9b8fb3ba901b6dbeed2efcb7ab51fa602

SHA512
e31ade56268940c65bfd6caa5cf5610c06ac1436787741cd81f041cc042b4eda7ac588deea9e2740879bfa1c74ead56d70750b2fb5aee097863428ceb7d449a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
006db4404a204fea8540b488aab387d7

SHA1
dac0f5fc6c38b8bccd01504ba147bb88710fa3fb

SHA256
746608a75f62be0897425d65b0ca90d9b8fb3ba901b6dbeed2efcb7ab51fa602

SHA512
e31ade56268940c65bfd6caa5cf5610c06ac1436787741cd81f041cc042b4eda7ac588deea9e2740879bfa1c74ead56d70750b2fb5aee097863428ceb7d449a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
730938d435e7c44df1e10a5fe572cdf9

SHA1
b115c5e5d3e60316bfa917c1f0df4f3c974f1f95

SHA256
f5cdd8c7591ea86857011bc0707eb1af4c264f428369591fd75e4f7941180ce6

SHA512
732002a82ed6f957fd41274cdab1adadf8b71bc2d5d45dc4746c093401f9834164d1f98d788bca49930fff2a7d853b606cae20ac3acec9c9f56f91cf556485cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
730938d435e7c44df1e10a5fe572cdf9

SHA1
b115c5e5d3e60316bfa917c1f0df4f3c974f1f95

SHA256
f5cdd8c7591ea86857011bc0707eb1af4c264f428369591fd75e4f7941180ce6

SHA512
732002a82ed6f957fd41274cdab1adadf8b71bc2d5d45dc4746c093401f9834164d1f98d788bca49930fff2a7d853b606cae20ac3acec9c9f56f91cf556485cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
502dc2358b4cf3f2f6446ca9d3a8e383

SHA1
29c59492c71c941381f3ce7efd8ee31c50e2cfb5

SHA256
ef554b817d874101eb7d618b550cef8ce94c45e0096e5609dc01c4fdc99f216e

SHA512
2e6e2580cda01aea620366752ba39b974325cfd8a6f6a3edebff29993e36fdbb9963ff37f984e13651f6225fe84155330ad5587f7ea755042d0ead989c7eade7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2c1b5303b8492975e4251ad15fc8ef84

SHA1
941890acb6d14e2b5bbc40c819a52be0530eb74b

SHA256
33cc08dda077ccaa605937078b2e976b852cc2111d6e390224b36abdb08dee3a

SHA512
f600b9b81c67b6fa324fca3b1225d30c54dae36d5fb90028928aaa4d65b4de838ad0f687dd24ec0cc99192ebab9c79640e81939828974b786f0b6d08452cc2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8e1c2bbadeb3d1292eeb91bb74d42d60

SHA1
e3d41ee91763332e6ac28c3da39553a6026660d8

SHA256
03af501fea2f68426a66b9b1e55f54e319edeb8a78c12a77ecfb38f1c4829ab2

SHA512
59c56b15238252ec5bb57c3f7097a0b578066dac3770b053451fa403f785115f2b0f644d0190a223a15f40f6502e2052984559421b903b9bc459c4b154b3d082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2c1b5303b8492975e4251ad15fc8ef84

SHA1
941890acb6d14e2b5bbc40c819a52be0530eb74b

SHA256
33cc08dda077ccaa605937078b2e976b852cc2111d6e390224b36abdb08dee3a

SHA512
f600b9b81c67b6fa324fca3b1225d30c54dae36d5fb90028928aaa4d65b4de838ad0f687dd24ec0cc99192ebab9c79640e81939828974b786f0b6d08452cc2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2c1b5303b8492975e4251ad15fc8ef84

SHA1
941890acb6d14e2b5bbc40c819a52be0530eb74b

SHA256
33cc08dda077ccaa605937078b2e976b852cc2111d6e390224b36abdb08dee3a

SHA512
f600b9b81c67b6fa324fca3b1225d30c54dae36d5fb90028928aaa4d65b4de838ad0f687dd24ec0cc99192ebab9c79640e81939828974b786f0b6d08452cc2b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
296e12483cb1d095c6618d3afb800f0e

SHA1
3f4141f8816b86f6237256c22bbd8ecbd7e00bf9

SHA256
3b5768dbe42732490157f5bff55cce4c2a877d79d67b712e23bdbca93015784c

SHA512
038589877a16103751bf0b9cfc011e778098213b8937d0a1c08394b774ef6410085e8afbd11feee71877cb9bcda0eeddcc2c0b85133ec6075f5867e82323e88c

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.2MB

MD5
194599419a04dd1020da9f97050c58b4

SHA1
cd9a27cbea2c014d376daa1993538dac80968114

SHA256
37378d44454ab9ccf47cab56881e5751a355d7b91013caed8a97a7de92b7dafe

SHA512
551ebcc7bb27b9d8b162f13ff7fad266572575ff41d52c211a1d6f7adbb056eab3ee8110ed208c5a6f9f5dea5d1f7037dfe53ffbc2b2906bf6cc758093323e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NO9ll22.exe

Filesize
674KB

MD5
4fde30391186041fa4395f14e6de2f50

SHA1
4a17a3e8987c07787bac9abc9a7755b11c5e7fef

SHA256
92b354efb461488e746c52aba06fbd77aad6b22084e0516b415579f28baa7899

SHA512
4fd66e9fbc7dc68d153de52b7835fe3563d8ed360790c2d7b0c4f20b03c3b8f7770598ce5bc3c126843472ce3fa5c301b0cbfc4c50eac6be46e639b276fe3c26

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\NO9ll22.exe

Filesize
674KB

MD5
4fde30391186041fa4395f14e6de2f50

SHA1
4a17a3e8987c07787bac9abc9a7755b11c5e7fef

SHA256
92b354efb461488e746c52aba06fbd77aad6b22084e0516b415579f28baa7899

SHA512
4fd66e9fbc7dc68d153de52b7835fe3563d8ed360790c2d7b0c4f20b03c3b8f7770598ce5bc3c126843472ce3fa5c301b0cbfc4c50eac6be46e639b276fe3c26

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1om77Gk1.exe

Filesize
895KB

MD5
a93b376f6787116ad07e0b0778cf7859

SHA1
a5bc72c0a3de432f0859396f3917a34f6e210fae

SHA256
d932bcb095ebf5416036e259e4d9f38c78750871a72c8eea06da64931eac8f9e

SHA512
00484025c439cee5182f738bbb8b4463ed5cf0bb4c565fd593197b62300e8d47502f9eb46cdefbc86de081081bf1e9a9d432034ebdb2e9e28930716cecc64e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1om77Gk1.exe

Filesize
895KB

MD5
a93b376f6787116ad07e0b0778cf7859

SHA1
a5bc72c0a3de432f0859396f3917a34f6e210fae

SHA256
d932bcb095ebf5416036e259e4d9f38c78750871a72c8eea06da64931eac8f9e

SHA512
00484025c439cee5182f738bbb8b4463ed5cf0bb4c565fd593197b62300e8d47502f9eb46cdefbc86de081081bf1e9a9d432034ebdb2e9e28930716cecc64e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Kf7265.exe

Filesize
310KB

MD5
e53d0b8848890f904b79793d51006908

SHA1
a038c706867994de6e85715308a5f02a6b433f23

SHA256
ad0a60c38616ec4fd35c8b3674e27b42853e3c3ebb29100dc4762d0a1e434f3a

SHA512
ffe21e8a218f92a852a30983bc1379669becbff7c4e71b0acb9e6777ddfcd0a33a4f5a03eeee75dfa2681e334bd3dde5daa9c5eb6691c8af1d16bd9a4ea66e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Kf7265.exe

Filesize
310KB

MD5
e53d0b8848890f904b79793d51006908

SHA1
a038c706867994de6e85715308a5f02a6b433f23

SHA256
ad0a60c38616ec4fd35c8b3674e27b42853e3c3ebb29100dc4762d0a1e434f3a

SHA512
ffe21e8a218f92a852a30983bc1379669becbff7c4e71b0acb9e6777ddfcd0a33a4f5a03eeee75dfa2681e334bd3dde5daa9c5eb6691c8af1d16bd9a4ea66e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3izc3ab2.2qs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC747.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC7F9.tmp

Filesize
64KB

MD5
d1fad219c8dad3e3edf17d45c4a27ec7

SHA1
172004793ab1829529e210b1b3567763d6ebf62a

SHA256
d2eefdb7eb89a3a303bdce80cdd81a0fe78cf63d7d9b871ca2c582719835b58c

SHA512
2feba4d917517fae649ea5c89364acb6f2b20e672a9fd4c9f49210df8da78cc80f3ddc850eb6a16bd57e8e5adc87bdf9c3a2e57fdaac00c8f42c8f62aef21fa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC94D.tmp

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC953.tmp

Filesize
28KB

MD5
f4a1e1c9588475e8576a4206a6c75618

SHA1
9c9e0b530d1383235ba9c80a0e761dc74f8744ea

SHA256
f1ce5463f05a4e4da8d44583801ac0eab9b3c0aea28864f706f9d56f8f542f8e

SHA512
817458a29bb3ed79151ecda1f93be4f97213dd6548056c6a0f1577b1a62c752598daecaafeef559c78f33fa030c47da817d944b50e97f4df10bb4433ad19b6b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC9B3.tmp

Filesize
57KB

MD5
237e2069e4c4395847fd9a7c973b434c

SHA1
73697fa5bb2f2cf6aac63fa64d22124a90e49231

SHA256
4a394fca1aed002b5708a9b70ea9dd43dd80760e8f0d0c029dafcb10329bf9f3

SHA512
972dda32f35dec2f250ca566d57c8bfa8f502c3d17459415a4dfa6fe6b41a0b9c4134f750e3a77c734715468501899924a99b9c688cc69fa8d2261aceb867427

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpCA4B.tmp

Filesize
92KB

MD5
bab2de0044ac58e32f31a0d09093058b

SHA1
04aacbcb8ff96af2073d278ab55c7c2c871cb25d

SHA256
6056edaf4a730295fe3fad3483b617b971966dbefd2efb54935f26c315ee276a

SHA512
77b147e6776cd610e815b3ca6be8b83e1c3fe7f3bd7911e9443c0c9fbc1ec0c3d08de6b934d32085930cb52e1b6136eb2f19743227b584872610d8d764011c64

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
227KB

MD5
78e1ca1572ad5b5111c103c59bb9bb38

SHA1
9e169cc9eb2f0ea80396858eff0bf793bd589f16

SHA256
1a8aaf92ee3ae30b88a8b5bd43447c3d5b3f2642812d1e106729f8e352de6bd9

SHA512
86ca98952d87c54bc18754f2b92c14220f3b6d1054160d76d9d8be0205291039195ab0712e48dfb663a6e240f162cd221ac7847438631af11e0c99ed5a06c9a1

Download Submit
memory/2092-1038-0x0000000005B80000-0x0000000005BE6000-memory.dmp

Filesize
408KB

Download
memory/2092-1032-0x0000000005200000-0x0000000005222000-memory.dmp

Filesize
136KB

Download
memory/2092-1071-0x0000000004E60000-0x0000000004E7E000-memory.dmp

Filesize
120KB

Download
memory/2092-1040-0x0000000005CC0000-0x0000000006014000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1016-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-1015-0x0000000002AD0000-0x0000000002B06000-memory.dmp

Filesize
216KB

Download
memory/2092-1037-0x0000000005B10000-0x0000000005B76000-memory.dmp

Filesize
408KB

Download
memory/2092-1284-0x0000000004E90000-0x0000000004ED4000-memory.dmp

Filesize
272KB

Download
memory/2092-1209-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/2092-1196-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/2092-1019-0x0000000004C30000-0x0000000004C40000-memory.dmp

Filesize
64KB

Download
memory/2092-1195-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-1022-0x0000000005270000-0x0000000005898000-memory.dmp

Filesize
6.2MB

Download
memory/2764-791-0x0000000000650000-0x0000000000659000-memory.dmp

Filesize
36KB

Download
memory/2764-789-0x0000000000700000-0x0000000000800000-memory.dmp

Filesize
1024KB

Download
memory/3176-865-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3176-1180-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/3176-1023-0x0000000002DC0000-0x00000000036AB000-memory.dmp

Filesize
8.9MB

Download
memory/3176-826-0x0000000002DC0000-0x00000000036AB000-memory.dmp

Filesize
8.9MB

Download
memory/3176-958-0x00000000029B0000-0x0000000002DB3000-memory.dmp

Filesize
4.0MB

Download
memory/3176-824-0x00000000029B0000-0x0000000002DB3000-memory.dmp

Filesize
4.0MB

Download
memory/3320-827-0x0000000002CD0000-0x0000000002CE6000-memory.dmp

Filesize
88KB

Download
memory/3320-511-0x0000000002880000-0x0000000002896000-memory.dmp

Filesize
88KB

Download
memory/3628-746-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/3628-745-0x0000000000560000-0x00000000005BA000-memory.dmp

Filesize
360KB

Download
memory/3780-1085-0x00007FF67D790000-0x00007FF67E98A000-memory.dmp

Filesize
18.0MB

Download
memory/4272-828-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4272-817-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4272-822-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/4972-513-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4972-456-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5212-432-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5212-441-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5212-446-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5212-454-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/5216-1086-0x0000000000F00000-0x0000000000F8A000-memory.dmp

Filesize
552KB

Download
memory/5216-1084-0x0000000000F00000-0x0000000000F8A000-memory.dmp

Filesize
552KB

Download
memory/5216-1089-0x0000000000F00000-0x0000000000F8A000-memory.dmp

Filesize
552KB

Download
memory/5216-1087-0x0000000000F00000-0x0000000000F8A000-memory.dmp

Filesize
552KB

Download
memory/5544-711-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/5544-729-0x00000000054D0000-0x00000000055DA000-memory.dmp

Filesize
1.0MB

Download
memory/5544-1039-0x0000000006EF0000-0x000000000741C000-memory.dmp

Filesize
5.2MB

Download
memory/5544-712-0x00000000058E0000-0x0000000005EF8000-memory.dmp

Filesize
6.1MB

Download
memory/5544-716-0x00000000051C0000-0x00000000051D2000-memory.dmp

Filesize
72KB

Download
memory/5544-708-0x0000000000980000-0x000000000099E000-memory.dmp

Filesize
120KB

Download
memory/5544-847-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/5544-1041-0x0000000006A60000-0x0000000006AD6000-memory.dmp

Filesize
472KB

Download
memory/5544-1042-0x0000000006CB0000-0x0000000006CCE000-memory.dmp

Filesize
120KB

Download
memory/5544-825-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/5544-718-0x0000000005220000-0x000000000525C000-memory.dmp

Filesize
240KB

Download
memory/5544-719-0x0000000005260000-0x00000000052AC000-memory.dmp

Filesize
304KB

Download
memory/5544-1026-0x00000000067F0000-0x00000000069B2000-memory.dmp

Filesize
1.8MB

Download
memory/5544-720-0x00000000052B0000-0x00000000052C0000-memory.dmp

Filesize
64KB

Download
memory/5628-1184-0x00007FFAFD080000-0x00007FFAFDB41000-memory.dmp

Filesize
10.8MB

Download
memory/5628-1083-0x0000028D7F7F0000-0x0000028D7F800000-memory.dmp

Filesize
64KB

Download
memory/5628-1061-0x0000028D7F7F0000-0x0000028D7F800000-memory.dmp

Filesize
64KB

Download
memory/5628-1181-0x0000028D7F7F0000-0x0000028D7F800000-memory.dmp

Filesize
64KB

Download
memory/5628-1044-0x00007FFAFD080000-0x00007FFAFDB41000-memory.dmp

Filesize
10.8MB

Download
memory/5628-1077-0x0000028D7F9B0000-0x0000028D7F9D2000-memory.dmp

Filesize
136KB

Download
memory/6164-1118-0x0000000000A50000-0x0000000000AA0000-memory.dmp

Filesize
320KB

Download
memory/6164-855-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/6164-751-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/6164-854-0x00000000075C0000-0x00000000075D0000-memory.dmp

Filesize
64KB

Download
memory/6164-778-0x0000000006EF0000-0x0000000007494000-memory.dmp

Filesize
5.6MB

Download
memory/6164-737-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/6164-1045-0x00000000075C0000-0x00000000075D0000-memory.dmp

Filesize
64KB

Download
memory/6164-850-0x00000000074A0000-0x0000000007532000-memory.dmp

Filesize
584KB

Download
memory/6164-913-0x0000000007600000-0x000000000760A000-memory.dmp

Filesize
40KB

Download
memory/6164-736-0x00000000001C0000-0x00000000001FE000-memory.dmp

Filesize
248KB

Download
memory/6372-860-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/6372-1179-0x0000000002930000-0x0000000002931000-memory.dmp

Filesize
4KB

Download
memory/6548-709-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/6548-819-0x0000000074930000-0x00000000750E0000-memory.dmp

Filesize
7.7MB

Download
memory/6548-710-0x0000000000320000-0x0000000000FB0000-memory.dmp

Filesize
12.6MB

Download
memory/7384-1201-0x00007FFAFD1A0000-0x00007FFAFDC61000-memory.dmp

Filesize
10.8MB

Download
memory/7384-1202-0x000002895DDC0000-0x000002895DDD0000-memory.dmp

Filesize
64KB

Download
memory/7384-1210-0x000002895DDC0000-0x000002895DDD0000-memory.dmp

Filesize
64KB

Download
memory/7384-1309-0x00007FFAFD1A0000-0x00007FFAFDC61000-memory.dmp

Filesize
10.8MB

Download
memory/7384-1310-0x000002895DDC0000-0x000002895DDD0000-memory.dmp

Filesize
64KB

Download
memory/7556-1391-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1387-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1338-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1434-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1324-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1481-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1319-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1483-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1317-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download
memory/7556-1488-0x0000000002560000-0x00000000025AA000-memory.dmp

Filesize
296KB

Download