djvu | 22481bcab3bd1258b5d588dca71452d8a4efab00dd7ee2e38a8bacc4a5c80821

Analysis

max time kernel
42s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2023 09:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EXE_01.exe
Size

29KB
MD5

a875a11578c7fbdfbe69734c0f409e6b
SHA1

092ad5bea3e5f49fd3ec4561f62b3e529733ccbb
SHA256

22481bcab3bd1258b5d588dca71452d8a4efab00dd7ee2e38a8bacc4a5c80821
SHA512

e682628e2002fbba46d8166450e7bb45b518ef4fc418cef97a0d257aff46441e4a4d9212aa02cec73499841e338b160a65af0214861e205fb4c52ecb2941d6c0
SSDEEP

768:OAUqYpNSIoKpDd1KM02kQhx4hOtFceWzYqvz0bOS:HLo8LKtd1PBkQD4UtFceWnz

Score

10^/10

djvu lumma redline smokeloader zgrat 666 @ytlogsbot up3 backdoor discovery infostealer ransomware rat stealer themida trojan

Malware Config

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Extracted

Family

djvu

http://zexeq.com/test1/get.php

Attributes

extension
.loqw
offline_id
NrqpaQRhQqq5l2tBPp1QS34I3ME2IKsAlZ0A9pt1
payload_url
http://brusuax.com/dl/build2.exe

http://zexeq.com/files/1/build3.exe
ransomnote
ATTENTION! Don't worry, you can return all your files! All your files like pictures, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees you have? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can get and look video overview decrypt tool: https://we.tl/t-MhbiRFXgXD Price of private key and decrypt software is $980. Discount 50% available if you contact us first 72 hours, that's price for you is $490. Please note that you'll never restore your data without payment. Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours. To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 0838ASdw

rsa_pubkey.plain

Extracted

Family

redline

Botnet

@ytlogsbot

185.172.128.33:38294

Extracted

Family

smokeloader

Version

2022

http://185.215.113.68/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

666

195.20.16.103:18305

Signatures

Detect Lumma Stealer payload V4 4 IoCs

resource	yara_rule
behavioral2/memory/8168-550-0x0000000000950000-0x00000000009CC000-memory.dmp	family_lumma_v4
behavioral2/memory/8168-552-0x0000000000400000-0x0000000000892000-memory.dmp	family_lumma_v4
behavioral2/memory/8168-574-0x0000000000400000-0x0000000000892000-memory.dmp	family_lumma_v4
behavioral2/memory/8168-575-0x0000000000950000-0x00000000009CC000-memory.dmp	family_lumma_v4

Detect ZGRat V1 7 IoCs

resource	yara_rule
behavioral2/memory/4312-53-0x0000000000400000-0x000000000059E000-memory.dmp	family_zgrat_v1
behavioral2/memory/4312-52-0x0000000000890000-0x0000000000A22000-memory.dmp	family_zgrat_v1
behavioral2/files/0x0008000000023372-80.dat	family_zgrat_v1
behavioral2/memory/2344-81-0x0000000000680000-0x00000000006DA000-memory.dmp	family_zgrat_v1
behavioral2/files/0x0008000000023372-78.dat	family_zgrat_v1
behavioral2/files/0x0008000000023372-72.dat	family_zgrat_v1
behavioral2/memory/7852-1061-0x0000000000CA0000-0x000000000113E000-memory.dmp	family_zgrat_v1

Detected Djvu ransomware 9 IoCs

resource	yara_rule
behavioral2/memory/3076-22-0x00000000022A0000-0x00000000023BB000-memory.dmp	family_djvu
behavioral2/memory/4472-25-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4472-26-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4472-23-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4472-27-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4472-37-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4476-46-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4476-44-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu
behavioral2/memory/4476-43-0x0000000000400000-0x0000000000537000-memory.dmp	family_djvu

Djvu Ransomware
Ransomware which is a variant of the STOP family.
ransomware djvu
Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 5 IoCs

resource	yara_rule
behavioral2/files/0x0008000000023373-82.dat	family_redline
behavioral2/memory/856-83-0x00000000008D0000-0x0000000000922000-memory.dmp	family_redline
behavioral2/files/0x0008000000023373-79.dat	family_redline
behavioral2/files/0x0008000000023373-66.dat	family_redline
behavioral2/memory/3916-1289-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Downloads MZ/PE file

Deletes itself 1 IoCs

pid	Process
3412	Process not Found

Executes dropped EXE 1 IoCs

pid	Process
3076	A9C.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2236	icacls.exe

Themida packer 5 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/files/0x00060000000233df-273.dat	themida
behavioral2/files/0x00060000000233df-272.dat	themida
behavioral2/memory/5072-289-0x00000000002A0000-0x000000000097A000-memory.dmp	themida
behavioral2/files/0x00060000000233ff-301.dat	themida
behavioral2/memory/5072-545-0x00000000002A0000-0x000000000097A000-memory.dmp	themida

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
127	api.2ip.ua
128	api.2ip.ua
219	ipinfo.io
222	ipinfo.io

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x00070000000233de-143.dat	autoit_exe
behavioral2/files/0x00070000000233de-142.dat	autoit_exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1000	4476	WerFault.exe	116
8060	5072	WerFault.exe	168
6116	8168	WerFault.exe	193

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EXE_01.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EXE_01.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	EXE_01.exe

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
7196	schtasks.exe
7296	schtasks.exe
5652	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2040	EXE_01.exe
2040	EXE_01.exe
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found
3412	Process not Found

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2040	EXE_01.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3412	Process not Found
Token: SeCreatePagefilePrivilege	3412	Process not Found

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3412	Process not Found
3412	Process not Found

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3412 wrote to memory of 2912	3412	Process not Found	98
PID 3412 wrote to memory of 2912	3412	Process not Found	98
PID 2912 wrote to memory of 2908	2912	cmd.exe	100
PID 2912 wrote to memory of 2908	2912	cmd.exe	100
PID 3412 wrote to memory of 472	3412	Process not Found	101
PID 3412 wrote to memory of 472	3412	Process not Found	101
PID 472 wrote to memory of 4380	472	cmd.exe	103
PID 472 wrote to memory of 4380	472	cmd.exe	103
PID 3412 wrote to memory of 3076	3412	Process not Found	108
PID 3412 wrote to memory of 3076	3412	Process not Found	108
PID 3412 wrote to memory of 3076	3412	Process not Found	108

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\EXE_01.exe
"C:\Users\Admin\AppData\Local\Temp\EXE_01.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:2040

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BEEB.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\system32\reg.exe
  reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
  2⤵
  PID:2908

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\C092.bat" "
1⤵
- Suspicious use of WriteProcessMemory
PID:472
- C:\Windows\system32\reg.exe
  reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
  2⤵
  PID:4380

C:\Users\Admin\AppData\Local\Temp\A9C.exe
C:\Users\Admin\AppData\Local\Temp\A9C.exe
1⤵
- Executes dropped EXE
PID:3076
- C:\Users\Admin\AppData\Local\Temp\A9C.exe
  C:\Users\Admin\AppData\Local\Temp\A9C.exe
  2⤵
  PID:4472
- - C:\Windows\SysWOW64\icacls.exe
    icacls "C:\Users\Admin\AppData\Local\6d7048c8-abe5-4b67-af2a-be10712260ca" /deny *S-1-1-0:(OI)(CI)(DE,DC)
    3⤵
    - Modifies file permissions
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\A9C.exe
    "C:\Users\Admin\AppData\Local\Temp\A9C.exe" --Admin IsNotAutoStart IsNotTask
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\A9C.exe
      "C:\Users\Admin\AppData\Local\Temp\A9C.exe" --Admin IsNotAutoStart IsNotTask
      4⤵
      PID:4476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 584
        5⤵
        Program crash
        
        PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4476 -ip 4476
1⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\1B08.exe
C:\Users\Admin\AppData\Local\Temp\1B08.exe
1⤵
PID:4312
- C:\Users\Admin\AppData\Roaming\configurationValue\ytlogsbot.exe
  "C:\Users\Admin\AppData\Roaming\configurationValue\ytlogsbot.exe"
  2⤵
  PID:856
- C:\Users\Admin\AppData\Roaming\configurationValue\UNION.exe
  "C:\Users\Admin\AppData\Roaming\configurationValue\UNION.exe"
  2⤵
  PID:2344
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"
    3⤵
    PID:1184

C:\Users\Admin\AppData\Local\Temp\7B59.exe
C:\Users\Admin\AppData\Local\Temp\7B59.exe
1⤵
PID:1148
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\PD1Ld46.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\PD1Ld46.exe
  2⤵
  PID:1736
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Or8Dj59.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Or8Dj59.exe
    3⤵
    PID:1000
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1CS31RC1.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1CS31RC1.exe
      4⤵
      PID:2136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        5⤵
        
        PID:5056
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
        6⤵
        
        PID:380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        6⤵
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
        6⤵
        
        PID:5560
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        6⤵
        
        PID:5464
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
        6⤵
        
        PID:5952
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
        6⤵
        
        PID:5648
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
        6⤵
        
        PID:6296
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
        6⤵
        
        PID:6720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
        6⤵
        
        PID:6976
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
        6⤵
        
        PID:6964
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
        6⤵
        
        PID:6500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
        6⤵
        
        PID:6584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
        6⤵
        
        PID:6928
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
        6⤵
        
        PID:6572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        6⤵
        
        PID:5956
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        6⤵
        
        PID:5944
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5448 /prefetch:8
        6⤵
        
        PID:4420
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5440 /prefetch:8
        6⤵
        
        PID:1584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
        6⤵
        
        PID:7144
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
        6⤵
        
        PID:5352
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
        6⤵
        
        PID:7724
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
        6⤵
        
        PID:5148
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
        6⤵
        
        PID:5484
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
        6⤵
        
        PID:5636
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
        6⤵
        
        PID:7892
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
        6⤵
        
        PID:8084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8028 /prefetch:8
        6⤵
        
        PID:7748
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,7310647028933150485,13302194328103854361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        6⤵
        
        PID:4416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        5⤵
        
        PID:3836
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,5616911202896265641,14831441583030242542,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        6⤵
        
        PID:5704
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,5616911202896265641,14831441583030242542,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        6⤵
        
        PID:5696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
        5⤵
        
        PID:1284
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
        6⤵
        
        PID:4872
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,14240896348019951867,2601450602484211826,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        6⤵
        
        PID:5980
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,14240896348019951867,2601450602484211826,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1472 /prefetch:2
        6⤵
        
        PID:5972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        5⤵
        
        PID:3600
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,13456622207911901316,2272584900336285334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
        6⤵
        
        PID:6476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
        5⤵
        
        PID:5268
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        5⤵
        
        PID:5840
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
        6⤵
        
        PID:6220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        5⤵
        
        PID:7116
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
        6⤵
        
        PID:7156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.linkedin.com/login
        5⤵
        
        PID:6012
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
        6⤵
        
        PID:6664
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        5⤵
        
        PID:6700
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4hs822Jc.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4hs822Jc.exe
      4⤵
      PID:5072
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
        5⤵
        
        PID:2180
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
        6⤵
        Creates scheduled task(s)
        
        PID:7196
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /c schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
        5⤵
        
        PID:7240
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
        6⤵
        Creates scheduled task(s)
        
        PID:7296
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 3120
        5⤵
        Program crash
        
        PID:8060
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6dp8Ii9.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6dp8Ii9.exe
    3⤵
    PID:8168
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 864
      4⤵
      Program crash
      PID:6116
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Tg4dW20.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Tg4dW20.exe
  2⤵
  PID:7832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
1⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
1⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
1⤵
PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x118,0x170,0x7ffa780946f8,0x7ffa78094708,0x7ffa78094718
1⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5072 -ip 5072
1⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8168 -ip 8168
1⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\414A.exe
C:\Users\Admin\AppData\Local\Temp\414A.exe
1⤵
PID:7852
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:3916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:7780

C:\Users\Admin\AppData\Local\Temp\4514.exe
C:\Users\Admin\AppData\Local\Temp\4514.exe
1⤵
PID:7300
- C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe
  "C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe"
  2⤵
  PID:6560
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:5652

C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe
1⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\95D5.exe
C:\Users\Admin\AppData\Local\Temp\95D5.exe
1⤵
PID:7488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
a6d95c977632ab3c3b087fe3eed305d0

SHA1
6ac6269f5fd7a8e9a18057bf92821fc9a776a516

SHA256
d692aea91ddfc26b888a567faff69c1d002f412757b201c3cba703a6640e0759

SHA512
e65f647f81dc3870b8042fab23259b520d8ce8f2d294a86b75304359d22d99694e5a3369276b4a97eb88d2bd4dca734bde4d9c56a466b1d4d679614a81119ca4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
593cc4f9c108279d7119ccef071fa09e

SHA1
702a0939011632bf6bbb6326dc1d4c10c4cc22db

SHA256
9e5cdf97319b9729e20ff3f589f3b7e7014508476c485f75871c6fb017773f11

SHA512
90711b27bac5f8273f7eb3ef1660a10fbe4ca7ae85cb1930ea48c4b27e35f684c467b6bfbee3904603788ab9bfe1a5d00c90bd894bc833f129c1eb0e1e25d2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b120b8eb29ba345cb6b9dc955049a7fc

SHA1
aa73c79bff8f6826fe88f535b9f572dcfa8d62b1

SHA256
2eecf596d7c3d76183fc34c506e16da3575edfa398da67fa5d26c2dc4e6bcded

SHA512
c094f0fae696135d98934144d691cee8a4f76c987da6b5abdb2d6b14e0fc2cfcf9142c67c6a76fb09c889db34e608d58f510c844c0e16d753aea0249cfc14bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d5564ccbd62bac229941d2812fc4bfba

SHA1
0483f8496225a0f2ca0d2151fab40e8f4f61ab6d

SHA256
d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921

SHA512
300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
85KB

MD5
e797f0297c5cbd454ca865468e3b2a74

SHA1
bae511898ca3299003a7bb1c1e9e172606b9ecac

SHA256
e2aa4d65cde789dc69d62af39052c8282b4aa11eb2bac6ebc20064c4148fccad

SHA512
41735eb0c137187fd8bb5f7368e4c356b82383b65550811e7d86c2124d87ae71294a18600e1bb2e68564efe1509590608924e90ccb07131a38f03133ad73733c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
12b68513a0bdd6974b43cd0e6743c911

SHA1
c8cb36530b02a3bc5fb5978d1f759ab3a6fbe0b7

SHA256
b11e5394f6cc712afed738f023963ce661b2a6f193553da22ab0f81206417f0f

SHA512
c71b33bd81a0f6cb1e82a3ab69d9bcea92017fb3d2d324716cdd7ffb348b34ad89c6186c6407d9f055325aa2d4b2af155fa90c353783ac688f45b2555a63db5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
035c2d68fa094229d1cc9c8388618eb0

SHA1
dbd1f892115ecefda29499665a1c7a9ec11dc205

SHA256
d53bef209ab30cb80938305858e44b2d9eda6110924ec58c55ae34aca30383ce

SHA512
2b0cbfaac3477011b5bac5925b44d60014e7eda9f5bdd0f21977d1ff66859d5ae8c8eb0611b7b3c21e18406fef6fa14bc39b372b041ebc972323a271a2e39543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
a66b960131c3d0ba81adf5d2ed5c5a75

SHA1
735dc086383cb73c4147df507d5a88743dfafdb2

SHA256
8c45d13f825ecdcde9af43190a27e0f202c76a756534806215a5e5e56dcb8653

SHA512
37f0947de8481a9be4cf7d473660d8981bd4a34df7494bf262aaac191f3fb9cd6bb636bb0d520e232464300829c7ae56c3f07ad74d77ac4d6812b7d24e190609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
9e4d7bbb8188fb6b88e80a66e8c4bcd7

SHA1
e8e5a53d10efe43b50a684a906673eccc9f9869b

SHA256
9d9317d8a38c726c6d606bb98a02a8b90b9a8d2f8acb1a91cf171273ac0b1e82

SHA512
5d6484be931831cb587eea48f50e392affb4c63c6378c3cbf5dd00094b028c966ded4ca131f39036a34bbc39ac7c0009466bde501c253db86a3647faebf6ec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
393B

MD5
3cabccd89a380a73e7d53d37da70a9e7

SHA1
1a4047ee60f20c5581659cdc314eec873a839388

SHA256
f494caa83abcd67331259e53c699e916aa6c1b5a90b0e00170cc01fdc3dadee3

SHA512
b1aac6633965c720ff8b03dab40eecbdfe2c00e3694e5a4679689f2feba4cc2cce1c6cfbda20a91d9bff3a2600cd177aefe8647a5ba63573699d3535f8ee0cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
fcb6add7acad7a5c6cab1071770ceabb

SHA1
6df74ebd57324965f7de50183eb486f72a7776c0

SHA256
700357f4acf7be15ef7112f5281aa52c1fb92a3e707e798122eaf5f982783d39

SHA512
28f5a5a4d19cfc255fab3d5ce7f82d09a066eb82ff326b403cb01d3bb62243ff57f084a6143cce5151fb55b5a981b1491128c7e50ad193a9cfacf09306c882b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
34ffe9916994cc35ff7efbb5bf82b84c

SHA1
0a6bcd74f9703119287a6a49e339538457cfdea6

SHA256
674c145405d871f58ba1228c2b5c3eab6005e0031106a4666750809bf6332324

SHA512
b9307f436b9b1d1764a42ab804dcc9301b0ab8e50e4607754631d702397620a67c93247921f617d1d454b1a16547e5546f2929964a3bedfe79039a3360c079df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old

Filesize
396B

MD5
bb54950c8252a1684fcb866ee0313e5b

SHA1
9b317db6a41708f5db0df9ca3fe4fd7f3c79a379

SHA256
73358c6d7a0f083e82c506df92519eadba9effa710f1e06230547931344ec6f9

SHA512
bd5b37d71782b079cb1c67cd9ed5f059fd2adfa4cdc1577a3efe101ec01f468a309aa2449f1c32e70454ec5174571fe8d4f4fd2ea5692cc8c6c0cddb8b278b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\LOG.old~RFe58cba8.TMP

Filesize
355B

MD5
4e9632ec0a3588cdf26a73ede42cbf76

SHA1
353589716f52663dd0d0e60c724cd77c15eb75fb

SHA256
1e12585eb6284683f50aad048ca81fc8d07a48db77b3d4246256c42361ab1325

SHA512
8e3c81d8859c0c154a2c85c0996edbd3358f52ff152008dfc98648af11bd94002a12e3f5f6f1f7707a9804534da69f968cbbe540e4a778a3aafacd061e61899a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
36095598483a5396871c9e5f220a6061

SHA1
fbf5c57f5c9b473ed7be902abff8cbe7286194f2

SHA256
68ef949c2cb246c60e0a55ff7cb89affd89d9f03b772f548f9852985ea8cbc9b

SHA512
f2dfe252a3c12dda3c7263eb0b5b5e1526e0efddd1d6d44e18641803092c12569e09df11adb4695846039fb7d00bbd357c39b34c6137adafe134d5d19eb04255

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
85029f60c34d772319d7264cfc19c80c

SHA1
54325fbc1a0ae2b350e6e266130a82e13762e7e8

SHA256
375bd5e7f9da2ea5a8e0dad72c05999c88cdce6f5856ca226124452ad89db897

SHA512
b6532b6892aedb48821945998578dd06bb7fecbbdb0a0bff843faa2ade8f98abe3ec454e0d9096b938bd03928b1b3b1b8dc2b368fad723ad6db7d23bbb5f03a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
99e52b77bb0bdab3fe1a510ca457df32

SHA1
693fbc04b4fa35804fb6fa75a85826cb302c35ce

SHA256
2339a9078d3b9121b904a03b964aaec5983b4ca000d124c4cdf1e48335e7e7d5

SHA512
d95fb878cbe4e59477e4b4a71ae5eb16dfb80c01cd6d7ec8adb4521d82d69d7f31fd1e14fa215b8e4a7ea0cb26e96d169656c1f6f888b65f7ab2e9c87c32ab5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e25450b15d580f2acde64b3aa9a0f647

SHA1
38927a822da88400c0312cbfb9c04e18872111a4

SHA256
7bd3b2fdb27d6dfe92cefb859c214b2a5f55e402a187ef593be8fc542a37484d

SHA512
020db786ddc6b522fe8b1d63746fe8a94d897014b05855eecedd56635c45419a7cae7d7466709136f04d84151c82e7794dee0c02537f20ae0f0dbb09762a529a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
876a2ec0821043f49ccec33d2e516213

SHA1
96414169c585a9c99b0be57a075d8330779c38ef

SHA256
d80652b54c6830c9926348e9400ae752cb93d0190d2cd2605a82a50b1002da1f

SHA512
876cd76c9ccd6365f37370c712969e9df5f264f34e0803aa4e8bbf7fb2a8e7dd426dac67b4fcd471a7335e9c109c587eb726cc68f0120a96ef12c6fdc4c773c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b923790205ca1f20b57ce96f3ca4070

SHA1
e210ce8942f7733943ec8e5c5cccaa7ec070ad78

SHA256
ba8551772a876c538b15c98f22bf165685cf326b4696a40d0be84b0fe9529336

SHA512
74c34fdb94d2b6545984e343897b0c5a4b1356620048dad0ecfdb85687c8a95049c9d6585d69f434ee68f728143bc0e01c8de1a0b4785c31e0dd61caeb64c10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1d1c7c7f0b54eb8ba4177f9e91af9dce

SHA1
2b0f0ceb9a374fec8258679c2a039fbce4aff396

SHA256
555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18

SHA512
4c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
f0542179450f41faa18e7b6810d4679b

SHA1
a81ffb22ebf336ffa1152e376a9d458a08cda7af

SHA256
f3f891997b8ef67e13e215b188595c1cc3677b7406dcf889716ff59c210e27a6

SHA512
a57e4e8345fe7b56a74106df93fe2e86eec58a2f048b3d15b83a8edabd6fa45e96fe3c0c13c89adad254746b8a1f5e6d5286a0c72fd06b3c7bc123ee101ae0c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
961c4f00f04ea5f897e6a44527a51b90

SHA1
ef1e9e66a81327381f7f19c793f2b546f26a946b

SHA256
30945aecfd75f8ce129379ac7a48890c432e5e45decbbc606f9d093b71fed412

SHA512
6e7f9f7d3a4255fe2af85ee1e07fd14dc6cfdc52e5e26fddc272296cea42c76006dd74ee4650ffb98da7c64352f64d2300da3a7e0b5347ffe1706ed9af281786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
9e4dc3ac493ba8f7c212f42da34946c3

SHA1
d61b7edbc53c0e92079ac2fcbe28ae6258a2efd3

SHA256
6bb331fd2f2af30c9d61b59817f152bc28b0c1799eb11b11ca9f106a068aacb8

SHA512
c9d8e8a3c51574fafd932e4096b43f55cc1d973364c8bca6d2b995c254ffcb4c309131dff865f65c5a777915a382d281046abbc2476cbfb4ecbf25c4b01718cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
83B

MD5
3a58fe4b977dcc03e4999acda47955b0

SHA1
7d7668471a34af5454e5f60591fcbfcabdfd2aee

SHA256
0dc635955eee444c35571df73b343962f1b1265d6142ee3a70b631af779526b8

SHA512
0602c98915a7d14121ed34ab554fa942e4cb0ccf7e6d3e04f901dfeac56a72023e1086dd7921e9c5c7da9e9760759ccef96093f2f4cd1dc139447b7d2726ba61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c9703b0425a5bfa5a3d3804010793678

SHA1
2286fa64dfa6cfffd441c1fba680b8efe18c44ad

SHA256
b54e390a5e585b9d8961b88ce25dc27d2e6867127af356396215f7995fc87ba3

SHA512
c83cd8abfba9891a05efa8fcba140f9ca33b4282f57c42f1cc6bac09eba213ea502a4ff750ca2deb0cf55e0830610ebf043d0d121922b4fc07cb9070b5867022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597100.TMP

Filesize
48B

MD5
f0fcc9b3c729142d73e2ee9f2221d032

SHA1
02284848735bbc07e97fcf74e688cbff8b62e85a

SHA256
235f0a67446ea1df27b0d89536b677487a8c0fe290df30c052d00c5129d2d0ee

SHA512
af21891a3580df95bc5184c74e952804c58493fb8aca8b4f57678d5eeadd5fbab5f4dc1de6d284c18920ff2796e9ae05e3d33d08a227df4cec043e750fed168a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b7725d6c9f31217b0434da720d674526

SHA1
c3207d30568bf5f0d90e7f2cb54609fe89ae7ad0

SHA256
cb8ce198784631bbd5b62eec738c8e61fc19467d2c94be39592d5918f4f72dbe

SHA512
0e89b8cb6dea9051f322bd1fdf93bd58a3f6de37c0a69c19db5fa92ae334d0caa78b9ba751fab09d2c652878bc3d9db5a1bbf8e45212bb2b8ad4d0a0e80e307f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0d7a4d1a1f189d0dc4fd896dc55dfcb7

SHA1
84408751f92b9fc1b1655f892f185c5fb620475f

SHA256
1fc8d751889d934b18673ad92e49c22b37213a658c927d8be45b7f3caad9f5d3

SHA512
7cd2e083a858ed8a3d348a45eaa0c6fbc653aa7f3e1481f64bdf18c6e2c31d9d3d7461015e08da871be9db81568b4954ac59700dd8f173c55108ae1cb0aeecc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a809675194149ab279c1828b9b7dd83f

SHA1
e0cd11f0ee455827452974ecdbef32a249091f92

SHA256
48d885791632a3361737a76e7134c0ff2080ef3c959aacf70691156af6711230

SHA512
e72a012e9fe402f1cbf707b7ec2970376ec489ee614190cc388a8eb2b5c408d4d07d47512cd4e334f59002aa7ec253dab60cf4e16c8289d42eb420afdc6368f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
62b4a8b3d45e6fd122ffbca4de4f0871

SHA1
fb6c78da85df27899463b27a14bfe9e62ed36b16

SHA256
123c91e56efb8049cc19d3148250bcc4953cfee7a3257297b359b82673faadba

SHA512
afe92ad609a526d7dd80310c0d4c496740bded1fbffd13c450bc73a8c8dbc36d59c7008e045e2d3229757ab05ff40d52b707b328fe65b35cad091ae5c7d62655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
37c14ab5ec55e2c05c6d00c5cd4e6b26

SHA1
b907b62d37738aedb7e22875f93791ea234b1a0e

SHA256
0719c063950b505b7f7ae7ba405ce385ee78fc9c368521cdfb3055b7a9e5238a

SHA512
84542af497e00d015cdd48f93675e9f34a22c27198d5ef7147f8b7d1816f45afa51e58f8609e97b34d77b8a888e64a9b42d363c49384906b8954a97e2494ed82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
004457e56f08c23a35c3f20817ee603f

SHA1
c0782bdd3612d4dc3920b7ab6c0d21a473e5d535

SHA256
ecff6d2b5f5e5c19fa187481a2ee0f0ae20bc76fe01b871ad0b73e6e0c7784ba

SHA512
e7c35e90c0b767e9d6180345c9a3ac74dd254e8d02f9c4ec364bab845d97053d42cdcbc149798ebf68400a1aaf2a1ba7050ba1577e63af236c13c356f9200ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e114.TMP

Filesize
1KB

MD5
89dc9cbf4ce788f42a026344f79d30c6

SHA1
28ddaba9bbca938bcdccaa8cc702a002a4698b12

SHA256
8d4433390f834b242f8918257f754219f978aa2f33208d0c592af4e468902aa9

SHA512
89c9eb980e3249d12afee428cd2ab1699d8113c2043e857db42d57dfb8d0a877a4bc3e3bb79e2f9d43ff7ae2053c7e880dcd94e3e2952d0821c919ea57f61d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a3191e3e3e59a663824ede3b60b549e7

SHA1
939ffa99856fe723e1516f464c7f6495cbb99e01

SHA256
ab2c365fd3afe9fe745958abb79e39efbcb5d57efe5c7bf249439cecbe9f0f2d

SHA512
b96e9ba30f6f9c61a1638a705e326c55efb3707f4c013ce4494c01558ab86903e97f5e7b7c8904e4e773e25f452b93cf1ec5fd281be93895a6f98c825dbe34fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4248bfb0571c94458fd73715a3451793

SHA1
c452cefa86b2b13478c37947e75362f0d94f420b

SHA256
9b5f4b104b6fbeb0dcbe55a9f70b0e5c67d4e05282852ee96d2e4f6d3a378d0b

SHA512
ef03ca84b9a9beda4bf97a716800a478b5f107bb6faa6c1c14ba18dc40f8e02b57f7259f0b399cf8d369952770e48fd3510cf6b84db875fb9d2f201f8c821895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
683c79251955b0c2c10487fd803d40c9

SHA1
08a055d419a6e29c972e5f090a30c0eb280f953c

SHA256
3ab74eecbfa936d27737b41518b73e056b4ea7828704b24255851ec93a9381fb

SHA512
16e09ea6e52b1d96281f677329685aff54064a54e45c3855688a2523672e68f0152da01b7e8c581d78fda164d6612680fcb9ace34f4ecf9e493ca4bdc19411d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c10d57a8e83ce97c9caf89a90544a763

SHA1
4c6948abfc525d8d7776ee102c35cda7b2af62ba

SHA256
1f95ac3fe13d65023d03f5254b58c1ec7861e37dedf12d14cb8357fdfd1c7f5a

SHA512
c003ddc5f689967d0d27a3294b6883c46a5b9415ca5c03e79dd907f48f9c4f386208a99217a09556e219eff0542c35020576c098a9154a3e47b8a8e4e43743fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\0de90fc5c7\Utsysc.exe

Filesize
92KB

MD5
64bf3d85613d1d403935b0526ad21b77

SHA1
e465ad1fc571f3e87800361514d7659695af9fca

SHA256
89a7f63b56fe487400ecbcde391f784908f82b648cc8862462d9a9c04af9dcbd

SHA512
d73ad2fe7d8d4ddb0f6f5ec1cc05031ac08ec7662a9156f8561b712a11aea4a85092293a6b92dca4dd40faec79e9182dbd575af3b53b5711a3c34c9caa8ddb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\1B08.exe

Filesize
163KB

MD5
3c6cecd7d169c6efda2287b85bd68b3d

SHA1
9c4cc1dac0a929c1582cd3339a1c8f222907982f

SHA256
3b244eed3ea844e2393f77983e9fec6fdbcf65b10f8ce64fe2d134f7018c189a

SHA512
271eee8202c32b72afc6b3ed90f0a8e710fecc988d23891d239b609448cd6458848315724f4c73618f72deb9dddc3c3b5f812e761de8694f7ce3df89a496dd6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\1B08.exe

Filesize
211KB

MD5
2a4ca6b2e567ae3c1a604fd8152a8e0b

SHA1
9ee7a6014426d4b52f9092f8a3f46c41bfd46251

SHA256
afcbb820cc3c3bbf69614999ea392f6b9dabfee6741174f9c253c6a3b1e8aec9

SHA512
2187da7750e5707520785459a17e4fe1d6e3caf2f5622e21063f3101280162675677a4d07c2290853bf68c8eb9bfefdbc4d6f35fa944e31ca032f756b83dfc7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7B59.exe

Filesize
273KB

MD5
d3e446928a3fd824758737b3603a6db4

SHA1
037c67bfdcfd004b6c4405b1e8bd6474e6f699df

SHA256
f1db13e36f13049ec6300be432f7355f4ec5dad550449822ff7d25679359a90a

SHA512
8087e2cc05df8c1c374a80eda4adce08ae9b40777dca6e9c4aa773cb6e3916b4eb8de997dbabe9877a6a83be788af142c7422cac6b1346d8e2966072e9c1e6da

Download Submit
C:\Users\Admin\AppData\Local\Temp\7B59.exe

Filesize
410KB

MD5
82db1eed9fc4201aae72580338904d38

SHA1
8b009f93d654c1ae91ebde4717e2e09bc3b655b9

SHA256
6cfb09a100a9d89c5c5440fe3aba322aa62bfda5bec6a0b85c2093b4798c31fc

SHA512
c9b605ece40c376461420d5fd6ee459f993aa5ee790233bf3237c6a1f422487c655ebce748265b86980e7329ead680678d8cc2b360102368b884e5503181ee73

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9C.exe

Filesize
866KB

MD5
8d2076b43faa95dca4ab3a8e5824cdbd

SHA1
162805ffacf9520d73de0d3c2dd756d5f3fc5138

SHA256
3b4eca4a1853b33515b5f08e8511ee9893a04c83ce38f60a5d670899e8613bf5

SHA512
78ead1c65c53901799b67550489c73838b079174420eb525dce1f539f38a9b18094cd4816e5e169d45c31596dd3ffb480caef68ac9ad89e48682f2d9281b6eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9C.exe

Filesize
263KB

MD5
b6534f5c45f72e4704df7d9e5009db13

SHA1
4929ab488ebdddb0f7830ebad188cf85e9357a8e

SHA256
9a182bcf007b9dcf60571cd5b1939cd8469f99082548eddcbf4cca4dce8f77b4

SHA512
a05fc33b6dc3b0f6c856a74370d32cc92064ae1aa5fb312fbeb6099ef9c2c5bf828425a0c7179c404139d1826dee17b6e1dd163ac73e9f85069a50e8584564ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9C.exe

Filesize
536KB

MD5
42e71e4a4ee311cf356dd9c1f13bdbb8

SHA1
54e7856ab60b472a27c808ff20d32efcad2fafbc

SHA256
a9e88489e3a54ab86e685ba4d3371ca6afd665c4d4b30a797d9305f7ade2a86f

SHA512
a2f427e9f11c31abf652cac140964a250edc10a7be1caaeb0585716b4091e55d187305a19e2109f9f5d16406417c99669606cd3df3136294a494ea48293a4c46

Download Submit
C:\Users\Admin\AppData\Local\Temp\A9C.exe

Filesize
592KB

MD5
2efde38d8cc693aeb557b4a7722402db

SHA1
7627706aa465f3b43ba0b00b6dfc3b1e3c83e229

SHA256
b2231e6e06c316d7dd229f11d7473ac3fa04433d0bae529848e48a61eb58a2ac

SHA512
ef7ef17f78a42b46c395f8b016011ac6811a4a127812c841502e457ec463aeefbb0380f1a6baa88b3dd655fd4972d41a1cbcf5a9107f3116c3c3fb86e14cda6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\BEEB.bat

Filesize
77B

MD5
55cc761bf3429324e5a0095cab002113

SHA1
2cc1ef4542a4e92d4158ab3978425d517fafd16d

SHA256
d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a

SHA512
33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155

Download Submit
C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe

Filesize
72KB

MD5
f2d5a2056c32cacb949fdf007fd17145

SHA1
510ed9b90164a20aa4bd1aac70be1363fc13ab75

SHA256
0cf17b2cc8abb0cc640608dba0af2b465f27f8e54a3a25d21b2583930f557ac0

SHA512
e1a9d4d8abddd98d15ba91657558f6e43c1a42f595696ef812e5865fb939965631885c53c4388628950ccaca3cc7a29cbf8475f21e461f7fee64321aabf27f09

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\PD1Ld46.exe

Filesize
183KB

MD5
c7a02eb4b5032e54ce732edb14161174

SHA1
6c79b3473ed2f8ee2c24c6bb027a61850f48bdf3

SHA256
58b917b4eb1b712375a5d5902c26619c0d1436f95581c9e54d50d81628644013

SHA512
7ad60d85b8957e26b4a94e79140b690360090657356c21e68ceca19adfd7df97e38af8c51992293458631ef4f86500d9173df0084b9e09cd006faeb011f2c8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\PD1Ld46.exe

Filesize
304KB

MD5
197ac159fc3aa5bf3919da5995aa64a8

SHA1
ed24451bc7407c10b3e105d510876aea76d6f980

SHA256
50d38ac2c4d2778fb5afe8c6a6bd475b0f505e7913d05186fe4da442dad3d2b5

SHA512
ae694bb4112f913cd52faf34afac6dffd24977e160118b404453d031fa0ea36edbcf7bc6c055dde6a7b4d071befea1bffedc2508fb61c107f9b7ba436d1a1a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Or8Dj59.exe

Filesize
58KB

MD5
420e1c5fbb1842e786cd663a546c25ca

SHA1
732cfa33864c58fabc331a83e43485c92d032641

SHA256
a26d4b7dbd52f7e8ccdf5aa48a6a1ed89e45f3ac2bdb7f5e30da24ead26f2f40

SHA512
a40ee132d745a5b70a2073d1779c7306bc57f51aa38cd0ef68e7698912ea16add60995535a71f4c9a10d4279196d13af73e144532314e539cefb13611b8a88d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Or8Dj59.exe

Filesize
204KB

MD5
5c3cfd214ad90f8e53dea060c2951e0f

SHA1
94879378afc123200521c1afeeb77383f6793066

SHA256
ef8923d87c7eadb8b678e00107ae330c57e8ad620040fba235192f4cadddeba4

SHA512
e3f12a6080856afe7a3315bded7f1f99b94200cd1dddad4c9a7dcf273354b64b062842e3828b2ae4defe5c7390b61f68bdfb89cdf9d5666dc83aea7610eed962

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1CS31RC1.exe

Filesize
171KB

MD5
cf39bfbd2dc903b5f559989e3dd12611

SHA1
e50064ab816b5059f66c8f6313d9aec6d1350273

SHA256
5a7c57252a13f9403ce9055dabf57b1d76b3cbe5d35028eebf2c4bf24c1f7bf1

SHA512
3073912d1b1d9be66e21f5688c4ca6f6c305747a8d74a378705b0e8e0fecacfbeabdc5f087b194ba00b26f281f8c153f3b6aaf820c1d6456a64ee2ba5d7fccde

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1CS31RC1.exe

Filesize
219KB

MD5
416c66dd44ce4c747bcc69d55c9483d2

SHA1
fb2f1342e453b90f0e7dd363e0c196c92f2af21e

SHA256
1986a6ccc3fe7f7092b90e916ba285a618c07eb2b10508bafe9eed3ee6a6d5a5

SHA512
6dbc8badd680bd9773c152d2a77f065feff935ab337867050b62f02a3af8bf28f0b9a3e7a1bc8168634d3af4b675733c70e15688846294d801d82de118810042

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4hs822Jc.exe

Filesize
39KB

MD5
5ce9f119430a2d2c0b1f47a22cc8445a

SHA1
e789dda076021621184ebf2c65d7f62833ccad9b

SHA256
2f86f75e1fdcee77bb7d53322a410c956a9953b38fd7db5c45a4f7716b046029

SHA512
86125646665e15c58973b426f6db3ca15bac9a5dd5875af997630994023783fbe573f52cf58d2082ecd2b67b497634c1ba4189db5a06bf6f6f4949a507c3d6e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4hs822Jc.exe

Filesize
45KB

MD5
8461ac7a1d10bff6126ed4d4d93d1dcc

SHA1
23452e7dddb28fd67c3c328b776fca047a026c6e

SHA256
ca8566ffc50b8ba1ef42df63db627b6773713aa57a37c8b173082bd6c9d02bcd

SHA512
9e4b5dc1c776515bd14a1a9a514ade571f0e4d17fd0d4e6364aa01b58be50de09c2e95bdae977ec6e7731c2b641fd9605316db513f259473c616179257353df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempAVSrifuKnf2S8sh\4foeq2B70irUWeb Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tempAVSrifuKnf2S8sh\jmRAdSEZlwY1Web Data

Filesize
27KB

MD5
f4cbf0a23e22e9d7f733adb40d750cdc

SHA1
b9d07b2e0435536239191ff853df2e5ed5f79eb2

SHA256
856b373bcc7f8d06ab4045c3d637cddd2023f96da516eb63dbd884e4945c0653

SHA512
a8f4b1bf1f2f19cb4f79f1f5b757f94e8fe5e766b4f186ed4c4f0ad6ff51b4270db628d8cc127ff46535c118b8e1761baee334aa285d2a11c423a336fee67058

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

Filesize
4KB

MD5
d4910f56121ae1e3049ee0ed506ed5dc

SHA1
be48eba194f3e507873740cb844c7724ff4ba616

SHA256
ac70c1847bdf903a698de1badb72b9f9539ae9cc75cb3acc3062e4622977ee95

SHA512
c551d52823886f9cec7024457a06028526e8581f3dabd63646db57b9fa4760ccd9a295431cb1d037c20ead0be96f9fa21b04b8611a66429467ef538a8f0468d6

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\UNION.exe

Filesize
268KB

MD5
782cadcf7901ff1e6aa34f83b08d86b2

SHA1
ec651a1d847238d52692dd2e089b2325da2a3a3e

SHA256
e370736e13ea5788948977565ca7791f9f4ec686d4e6844484b52b49649d6667

SHA512
e10fff964a5aec4ec48a4d1ab05eee8cbd31f1edbef31dcec0f10c22909a4a161278d96618d5b5236308f8c6c11eed413114a884cc103ba1a0c1aa0dcf40af4d

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\UNION.exe

Filesize
80KB

MD5
705a4d1cc911a5f4e4617782b85ead8e

SHA1
21138de7f3458bcdb0a7cac18c11a1587239e133

SHA256
e4f6e4ba8741033c31b8cec45a9b709f97aaf8d259759b345bac81e5b46fe153

SHA512
bce4cae8a8a71a4e8c52bcaf0d13164fd5b863bcfdb4945c6bfa45e0e0558db96f086c582a6302a71c4d00783a250242b6a7c919570ba1784a33caaaa8d6e228

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\UNION.exe

Filesize
120KB

MD5
2b2d3ba64dc199793492ffe91de5ae41

SHA1
b89dfd93d7523125a131799f3d54ad502a8fe649

SHA256
6f2f16fca0b077efdf3f01f70f972a9f01d33e733f63bf25c75e502b47ab0ae9

SHA512
929d562fcdfed9c87401a6d066cc0d9876fb4817441fa02ae147cb0c418793d5f62134d80b5ed6dcd5f07574383fe9ec55e1aebe5c185c281cd83fa70f306f30

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\ytlogsbot.exe

Filesize
243KB

MD5
18f462747009d7e76553d64c10b1e522

SHA1
398ad554189649f8a3a55c8bf4dd0646a773f14d

SHA256
a11bf966a1e72421f5b1c5c04791ed822e5b35741ab8b9da324681c078cfa6b5

SHA512
7737b5e8fd0cea258901daef848a238b5f61327f5106e65d51204069282612276b1f98b1e779421a7116cbd98284fa9a1c103d28669818ca602e57ed4528408d

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\ytlogsbot.exe

Filesize
250KB

MD5
233df451252cdf910db6a1f26fdbbacf

SHA1
e0d55f858798e570f7863fc8cdeca91d57247baa

SHA256
af3fd9471ffb4a1273cf71c62347b5e256e1b3e38c1ef994a1108cedfb079540

SHA512
e82793395f830ab0882266e02fbc6b4cfd3df9423029456b92e4d73012f31ba14db036f52a465040ffa745b6f0e0c778433eff0b90f9f942df7a40fcd9da497a

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\ytlogsbot.exe

Filesize
97KB

MD5
9399b79a41ec6ec5d17929f94119adae

SHA1
798fbdb0fa8d481c27352c361a17c9247aa1a5c1

SHA256
c64ad0211fb4dc74e5f8aae9f4f1da08dd80453fb555eb260e8bda9bf1927c63

SHA512
59039650387de7b3725b5b46e0930b8c4d355f723847096632c49f88c442bbbc651dce6cb599032a8101c1c4ba6b835f13a6cbc9c41122f20994347476dbeeda

Download Submit
memory/856-276-0x0000000005530000-0x0000000005540000-memory.dmp

Filesize
64KB

Download
memory/856-86-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/856-118-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/856-93-0x00000000051F0000-0x00000000051FA000-memory.dmp

Filesize
40KB

Download
memory/856-87-0x0000000005310000-0x00000000053A2000-memory.dmp

Filesize
584KB

Download
memory/856-85-0x0000000005820000-0x0000000005DC4000-memory.dmp

Filesize
5.6MB

Download
memory/856-83-0x00000000008D0000-0x0000000000922000-memory.dmp

Filesize
328KB

Download
memory/1184-551-0x00007FFA76680000-0x00007FFA77141000-memory.dmp

Filesize
10.8MB

Download
memory/1184-113-0x00000000002E0000-0x00000000002E8000-memory.dmp

Filesize
32KB

Download
memory/1184-117-0x00007FFA76680000-0x00007FFA77141000-memory.dmp

Filesize
10.8MB

Download
memory/2040-3-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2040-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2344-97-0x0000000006190000-0x00000000061AE000-memory.dmp

Filesize
120KB

Download
memory/2344-81-0x0000000000680000-0x00000000006DA000-memory.dmp

Filesize
360KB

Download
memory/2344-100-0x0000000007BA0000-0x00000000080CC000-memory.dmp

Filesize
5.2MB

Download
memory/2344-99-0x0000000006B70000-0x0000000006D32000-memory.dmp

Filesize
1.8MB

Download
memory/2344-98-0x0000000007520000-0x0000000007570000-memory.dmp

Filesize
320KB

Download
memory/2344-91-0x00000000050E0000-0x00000000051EA000-memory.dmp

Filesize
1.0MB

Download
memory/2344-96-0x0000000005FF0000-0x0000000006066000-memory.dmp

Filesize
472KB

Download
memory/2344-89-0x00000000055F0000-0x0000000005C08000-memory.dmp

Filesize
6.1MB

Download
memory/2344-88-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/2344-90-0x0000000004F60000-0x0000000004F72000-memory.dmp

Filesize
72KB

Download
memory/2344-84-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/2344-115-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/2344-92-0x0000000004FD0000-0x000000000500C000-memory.dmp

Filesize
240KB

Download
memory/2344-95-0x00000000053B0000-0x0000000005416000-memory.dmp

Filesize
408KB

Download
memory/2344-94-0x0000000005010000-0x000000000505C000-memory.dmp

Filesize
304KB

Download
memory/3076-22-0x00000000022A0000-0x00000000023BB000-memory.dmp

Filesize
1.1MB

Download
memory/3076-21-0x0000000002150000-0x00000000021EB000-memory.dmp

Filesize
620KB

Download
memory/3412-684-0x0000000003080000-0x0000000003096000-memory.dmp

Filesize
88KB

Download
memory/3412-1-0x0000000002FB0000-0x0000000002FC6000-memory.dmp

Filesize
88KB

Download
memory/3916-1289-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/4208-40-0x00000000005B0000-0x0000000000652000-memory.dmp

Filesize
648KB

Download
memory/4312-114-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/4312-59-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/4312-52-0x0000000000890000-0x0000000000A22000-memory.dmp

Filesize
1.6MB

Download
memory/4312-53-0x0000000000400000-0x000000000059E000-memory.dmp

Filesize
1.6MB

Download
memory/4472-37-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4472-27-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4472-25-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4472-26-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4472-23-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4476-43-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4476-44-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/4476-46-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/5072-283-0x0000000075F90000-0x0000000076080000-memory.dmp

Filesize
960KB

Download
memory/5072-545-0x00000000002A0000-0x000000000097A000-memory.dmp

Filesize
6.9MB

Download
memory/5072-546-0x0000000075F90000-0x0000000076080000-memory.dmp

Filesize
960KB

Download
memory/5072-286-0x0000000077014000-0x0000000077016000-memory.dmp

Filesize
8KB

Download
memory/5072-284-0x0000000075F90000-0x0000000076080000-memory.dmp

Filesize
960KB

Download
memory/5072-285-0x0000000075F90000-0x0000000076080000-memory.dmp

Filesize
960KB

Download
memory/5072-279-0x00000000002A0000-0x000000000097A000-memory.dmp

Filesize
6.9MB

Download
memory/5072-361-0x0000000008F50000-0x00000000092A4000-memory.dmp

Filesize
3.3MB

Download
memory/5072-289-0x00000000002A0000-0x000000000097A000-memory.dmp

Filesize
6.9MB

Download
memory/7832-695-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7832-577-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/7852-1064-0x0000000005C90000-0x0000000005D2C000-memory.dmp

Filesize
624KB

Download
memory/7852-1292-0x00000000080A0000-0x00000000081A0000-memory.dmp

Filesize
1024KB

Download
memory/7852-1276-0x0000000006510000-0x00000000066D8000-memory.dmp

Filesize
1.8MB

Download
memory/7852-1277-0x0000000007920000-0x0000000007AB2000-memory.dmp

Filesize
1.6MB

Download
memory/7852-1283-0x0000000005C80000-0x0000000005C90000-memory.dmp

Filesize
64KB

Download
memory/7852-1284-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1285-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1287-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1288-0x00000000080A0000-0x00000000081A0000-memory.dmp

Filesize
1024KB

Download
memory/7852-1060-0x0000000074080000-0x0000000074830000-memory.dmp

Filesize
7.7MB

Download
memory/7852-1290-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1061-0x0000000000CA0000-0x000000000113E000-memory.dmp

Filesize
4.6MB

Download
memory/7852-1286-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1282-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/7852-1065-0x00000000059C0000-0x00000000059D0000-memory.dmp

Filesize
64KB

Download
memory/8168-575-0x0000000000950000-0x00000000009CC000-memory.dmp

Filesize
496KB

Download
memory/8168-552-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/8168-549-0x00000000009F0000-0x0000000000AF0000-memory.dmp

Filesize
1024KB

Download
memory/8168-574-0x0000000000400000-0x0000000000892000-memory.dmp

Filesize
4.6MB

Download
memory/8168-550-0x0000000000950000-0x00000000009CC000-memory.dmp

Filesize
496KB

Download