Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

URLScan

urlscan

https://github.com/D...

windows11-21h2-x64

8

Resubmissions

07/03/2024, 13:12

240307-qfr1aabh25 8

07/03/2024, 13:10

240307-qesv7abg85 6

Analysis

  • max time kernel
    248s
  • max time network
    272s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    07/03/2024, 13:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

Score
8/10
evasionpersistenceransomware

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Downloads MZ/PE file
  • Drops file in Drivers directory 7 IoCs
  • Executes dropped EXE 6 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Modifies WinLogon 2 TTPs 1 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Kills process with taskkill 2 IoCs
    evasion
  • Modifies registry class 4 IoCs
  • NTFS ADS 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff893433cb8,0x7ff893433cc8,0x7ff893433cd8
      2⤵
        PID:2496
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1724 /prefetch:2
        2⤵
          PID:4616
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4060
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:4596
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:1928
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
              2⤵
                PID:1168
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4880 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:2792
              • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:968
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                2⤵
                  PID:4888
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                  2⤵
                    PID:3980
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                    2⤵
                      PID:556
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
                      2⤵
                        PID:2248
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
                        2⤵
                          PID:3456
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                          2⤵
                            PID:2144
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
                            2⤵
                              PID:1684
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
                              2⤵
                                PID:2504
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                                2⤵
                                  PID:2092
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                  2⤵
                                    PID:3648
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
                                    2⤵
                                      PID:1556
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
                                      2⤵
                                        PID:4836
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
                                        2⤵
                                          PID:4640
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
                                          2⤵
                                          • NTFS ADS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:3184
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                                          2⤵
                                            PID:664
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
                                            2⤵
                                              PID:3228
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4028 /prefetch:8
                                              2⤵
                                                PID:4820
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 /prefetch:8
                                                2⤵
                                                  PID:1684
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
                                                  2⤵
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1160
                                                • C:\Users\Admin\Downloads\WinNuke.98.exe
                                                  "C:\Users\Admin\Downloads\WinNuke.98.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:4708
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6224 /prefetch:2
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3428
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
                                                  2⤵
                                                    PID:1772
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
                                                    2⤵
                                                      PID:4080
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
                                                      2⤵
                                                        PID:1568
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2836 /prefetch:8
                                                        2⤵
                                                        • NTFS ADS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:2876
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 /prefetch:8
                                                        2⤵
                                                          PID:1360
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
                                                          2⤵
                                                            PID:3976
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
                                                            2⤵
                                                              PID:1308
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6216 /prefetch:8
                                                              2⤵
                                                                PID:4952
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
                                                                2⤵
                                                                • NTFS ADS
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:3464
                                                              • C:\Users\Admin\Downloads\Gnil.exe
                                                                "C:\Users\Admin\Downloads\Gnil.exe"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Executes dropped EXE
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:680
                                                                • C:\Windows\SysWOW64\drivers\spoclsv.exe
                                                                  C:\Windows\system32\drivers\spoclsv.exe
                                                                  3⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1580
                                                              • C:\Users\Admin\Downloads\Gnil.exe
                                                                "C:\Users\Admin\Downloads\Gnil.exe"
                                                                2⤵
                                                                • Drops file in Drivers directory
                                                                • Executes dropped EXE
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                PID:1572
                                                                • C:\Windows\SysWOW64\drivers\spoclsv.exe
                                                                  C:\Windows\system32\drivers\spoclsv.exe
                                                                  3⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:4260
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                                                2⤵
                                                                  PID:2360
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
                                                                  2⤵
                                                                    PID:5108
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
                                                                    2⤵
                                                                      PID:580
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
                                                                      2⤵
                                                                        PID:392
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                                                                        2⤵
                                                                          PID:3136
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6140 /prefetch:8
                                                                          2⤵
                                                                            PID:2248
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,13282372452366484133,9881466613010438468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                                                                            2⤵
                                                                            • NTFS ADS
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:4816
                                                                          • C:\Users\Admin\Downloads\000 (4).exe
                                                                            "C:\Users\Admin\Downloads\000 (4).exe"
                                                                            2⤵
                                                                            • Executes dropped EXE
                                                                            • Enumerates connected drives
                                                                            • Modifies WinLogon
                                                                            • Sets desktop wallpaper using registry
                                                                            • Modifies registry class
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            • Suspicious use of SetWindowsHookEx
                                                                            PID:1532
                                                                            • C:\Windows\SysWOW64\cmd.exe
                                                                              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
                                                                              3⤵
                                                                                PID:2056
                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                  taskkill /f /im explorer.exe
                                                                                  4⤵
                                                                                  • Kills process with taskkill
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:1652
                                                                                • C:\Windows\SysWOW64\taskkill.exe
                                                                                  taskkill /f /im taskmgr.exe
                                                                                  4⤵
                                                                                  • Kills process with taskkill
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:4280
                                                                                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                  wmic useraccount where name='Admin' set FullName='UR NEXT'
                                                                                  4⤵
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:4896
                                                                                • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                                                  wmic useraccount where name='Admin' rename 'UR NEXT'
                                                                                  4⤵
                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                  PID:3348
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:3892
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:3548

                                                                              Network

                                                                              MITRE ATT&CK Enterprise v15

                                                                              Replay Monitor

                                                                              Loading Replay Monitor...

                                                                              Downloads

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                a91469041c09ba8e6c92487f02ca8040

                                                                                SHA1

                                                                                7207eded6577ec8dc3962cd5c3b093d194317ea1

                                                                                SHA256

                                                                                0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

                                                                                SHA512

                                                                                b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                Filesize

                                                                                152B

                                                                                MD5

                                                                                601fbcb77ed9464402ad83ed36803fd1

                                                                                SHA1

                                                                                9a34f45553356ec48b03c4d2b2aa089b44c6532d

                                                                                SHA256

                                                                                09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

                                                                                SHA512

                                                                                c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\140ebce7-f67e-4af7-abfe-6fd188eb0dc4.tmp
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                135b0bab61064f66a9dca3593df17fb9

                                                                                SHA1

                                                                                5be9d34ffa161cf26ededf9e9b8603bbfe4aee9e

                                                                                SHA256

                                                                                0724d2108434756d9b64565f66cd2e247f7fcaf3ec0a648b5d0201bf276be90a

                                                                                SHA512

                                                                                3b1b59d6b40594ee49611dd3904d0f32b43a498a62cb25744521b4b2d795d36f72f1d71c204376c98fa19c155c894e4879c5d0547a0d47dbe05139cf6649e22a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
                                                                                Filesize

                                                                                32KB

                                                                                MD5

                                                                                eb9324121994e5e41f1738b5af8944b1

                                                                                SHA1

                                                                                aa63c521b64602fa9c3a73dadd412fdaf181b690

                                                                                SHA256

                                                                                2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

                                                                                SHA512

                                                                                7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                d44bd8dd7800f754c5e40c974074a829

                                                                                SHA1

                                                                                35a1db3e62430aac98fb7c9038c5d9effa087b6e

                                                                                SHA256

                                                                                fc75c1dc0ec7404a2c5b7422859d354eb7c6dd6b7987cfd8bf6b74b7c09f1cf8

                                                                                SHA512

                                                                                a3cbd927f8174862d80525e0bfabad7000947240c1239c4f61de5c082fb3d3ee1d56a40104a23cfc84de1ab19a0c08d7e11894902064402ec941845b39faf3ab

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                111B

                                                                                MD5

                                                                                285252a2f6327d41eab203dc2f402c67

                                                                                SHA1

                                                                                acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                SHA256

                                                                                5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                SHA512

                                                                                11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                ae5e0ec19b45ce8725e1d2e54c333a2c

                                                                                SHA1

                                                                                00153e4475b9f2e4122f14e5a90461781e90eab2

                                                                                SHA256

                                                                                89273adc429e76eae03c4e1926c237657d27f8a5a1d69f9564db45576943e7f1

                                                                                SHA512

                                                                                f351bc50d42315a4b09e55e091b1e9df0f7c2c12ace1db0f005f9e078ad6ac65d4bc539a68bdb7b815d9697e13d88563a7d567dfbd9abd147a9246d25c72c0e8

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                d9e82021f59f99431446da6a86e4121b

                                                                                SHA1

                                                                                08e00e34ef12c2d085fd9d0391afdeef5479eb35

                                                                                SHA256

                                                                                8e8ea8617072963ef41896a1655927cc13cfb40240fdf5d16da74a18f0f82e6c

                                                                                SHA512

                                                                                14c37b26cfc948b94c75c02425491374d988e01a6c80e45570b5d791d65d048d068d0d92fc8c65846cf7b4f411047a6471458ce07956547e01e369da8e23d4c1

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                5KB

                                                                                MD5

                                                                                7fcdd446d1e049f0e20a8c621d9d0be9

                                                                                SHA1

                                                                                60baf7a4833e0cb06bcd65d052e49b685280b3ec

                                                                                SHA256

                                                                                e9a74ac8a8411dfcb25734eb1436d37711c01f2b0c85b06e497908c6a1ea7f27

                                                                                SHA512

                                                                                17654f1e565647c673057aef76256ed8b2cd80ce21f97bd3bedb6c8434fc616fb8c3e44db1f31c34e29d471b06a39648e8cf52648738c2de1c37494afeb2d16a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                d06a3c8f464fb47c686d69e0bea409b1

                                                                                SHA1

                                                                                5e94e2994af2b2779851601d98e3f2f2c19722a6

                                                                                SHA256

                                                                                2de3ebc1c3630a3246a27994ecdfa757c8a453556c4f348397e67eeea3e18eb6

                                                                                SHA512

                                                                                d0715c0d2bb7e5ca87be728d439d6167324482a4e2dc6e48829a53f83b37e22a89e4333f7b564fb2d80a887db4b8ebf6553c1bd2ca8502f749306ca203383285

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                202c31c31a2be1fae162d93001d5c84f

                                                                                SHA1

                                                                                ced51ad7dba9e2f7bab8ee46bda5dd2bd3645d89

                                                                                SHA256

                                                                                ff59479061d558289e2aaf18a80590472d01d4ac84a2c984fdbf350034d35283

                                                                                SHA512

                                                                                485e237f1bc634ab6f8c255772ff9f40f4a477b4f7a3e5ea42647e6b3b958bd95d6a5b8122d4494770e3b9ed3fba706ab544a6cb976aa1260fe5d8b1f4902460

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                6KB

                                                                                MD5

                                                                                bdce062920d2a34c8ee4162ece269e17

                                                                                SHA1

                                                                                1692ae0c7c5b0d03d6526eb56aaed890b3ec567b

                                                                                SHA256

                                                                                f7e25118c6273948b260d5f84bdce1f5b822ca597a048d8438a6100882fab114

                                                                                SHA512

                                                                                11ae07c638567c56b3910d678d077cadbc64877a5c359af355df2b2da59c47c9e582407a1018029fa85d6f3c08ef6a5b9235d153dc86556e88499ff1032ce7a9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                e62c69d9f827777fba08fb8b308fa034

                                                                                SHA1

                                                                                e250619d62b16f1d7947357df6dc2f627a34e181

                                                                                SHA256

                                                                                c43080324b9cbe27efc1e8bc5dec8e264ba0b0422752ddad3118bda17f8966ac

                                                                                SHA512

                                                                                3132c26a0b53f02810d02b8073f69b946d2f56964e0abc421644acc3c08bb1c4dc9f5d0b6121e7de66e943adefb55926e63998d3689eaf6c983cc66193365d09

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                Filesize

                                                                                7KB

                                                                                MD5

                                                                                c37cac670f40c8f4d2fe65bd47202409

                                                                                SHA1

                                                                                173e0b562efe40cb5c9389d4e186695fb360f7b9

                                                                                SHA256

                                                                                b5e309a31856e1e6fd34d1c94f4e2feb34c8bbe410a6930dffeea48835e76db9

                                                                                SHA512

                                                                                10825750ead98cba7c3dc3f76e577569e8e1fccd57ce1d40b1cdf1d775e198ac81c2f594a70a1fda6faf4c59ef6582c27450ba64de040d192556d3a980c92ee4

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                b0a5a6a5d3c85e1d1155867cf65736fc

                                                                                SHA1

                                                                                5cf76d45dcbc998d3246e50c7de3a7eb55ff4d23

                                                                                SHA256

                                                                                d5432d012e311c217cd6038ad6322aac8baf54b729b544bde1d00428e3fbe602

                                                                                SHA512

                                                                                6e353e51c7a276c3bcfe13f2ca1d943ac0968b1588269dae5dd2003d2235d71c0a7cd6aad5fabb6fffefc994fd09c20e28d92204fd40b187571899e2ef31a0e9

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                de247da1dee061f5f364a865396edc74

                                                                                SHA1

                                                                                1bedd2bb8e422aa5d3f9a34bef1b013565b1b4bc

                                                                                SHA256

                                                                                92ce4b2596254b7bc121952625eea8460e5ca495daf8ac99922f2553f3ee5680

                                                                                SHA512

                                                                                7906f53e2909bbfa54b69439888ff14dfc73ac88988bdaf8fdb19d76519d1853ea1c1174dbda9f35e302eadd2601bd0d187227deaf7b1e5b7f1f0cc9f701e55a

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                ec08308d66f3953a867a2c1f66073635

                                                                                SHA1

                                                                                7198b67390d17c4c7a03211b024c388d5d87134c

                                                                                SHA256

                                                                                984c829e807b47288e1572760e3feadfd45e07622c7f445ab2d014c3f2a9df93

                                                                                SHA512

                                                                                c6f0cb2bea76555fb3574ed9443dcd0b0c2ed153531fc132be7c24795bbb265dbd73410a1716dff0e880cd3afeaec08550b2bbe4ce7d1a119c65c0631b3c4a03

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                318ab60c85c9b28c07ed0de5141da551

                                                                                SHA1

                                                                                81f4978135eafb3fdf920577ec458d8dedaf3716

                                                                                SHA256

                                                                                86406304f8feff75e8cc47e39ea6bd52e3f5fc9329acbe58d13ac3ae5589b8bb

                                                                                SHA512

                                                                                5c6c17f4fd5dbbe8699b192e53556afec881bcc4b98a9bfa1f753261911b65682dea87749429eb98a27fd85d71f07ce013f38db960b540e875a6767f0f2e9505

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                874B

                                                                                MD5

                                                                                dbc3aa2fc34f8d0c888f19d071e4b0cf

                                                                                SHA1

                                                                                fe500322cf263724cd511b8b73220eb5a7f8087b

                                                                                SHA256

                                                                                406b802e3fc5645b663e681a94ff1257eb41db282ffb704a3a353e2cd6e153cd

                                                                                SHA512

                                                                                f45e9e4a03f03c24c9765ee4b81444d0a7ad569e1b2155a8b2334a8e41751feb46eceba11c91cbdbc4a7437ee2a247ca869e834a36ef049567415e727f94da2f

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                df76fe313433a2e88f0d94e00a035f19

                                                                                SHA1

                                                                                42b850cf16a37d5f3d5958eeb09bdd6d069a3cf5

                                                                                SHA256

                                                                                105548ee7862fe41607ba004b6127e76a655c502f3c8bb06f935e43dac143a4e

                                                                                SHA512

                                                                                b50fedd5dff4566fb67f7ec47a0b6e30fb648c74a1265cf55b9f9fd41f39fe6cae166bf16707084507496b0d920f5bbce5373c609c1cdeceefdf281f4d0cc91b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                46d917a2c0d742ec2aa154c9559a61d7

                                                                                SHA1

                                                                                c9b2445dd01828a04f11369bda97720f01830bb1

                                                                                SHA256

                                                                                58534b3c4ed6f05fb038e434e88f4761cc3f09f9455f1daf18975d4b20e45e06

                                                                                SHA512

                                                                                8689f9134b015d348c3d03fd67be2a979f734efa677b805aac8148ee8ed342dffcdf8a4011a1886c5dfe901dad5f61c29c306aa909b790c41149a159dde496ba

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                0687f9feced03f12d75e322ad0a87928

                                                                                SHA1

                                                                                c216f2691a0f3a843a8c4312c050d6285a79f911

                                                                                SHA256

                                                                                10efeed00451cf32b0b9371fa244a9bcc02cee89749a586230c96e17e45e9816

                                                                                SHA512

                                                                                eb35f99e78c82fa185e8b8fcf6299e71d8a7ff3e11e7563d29d249acb30fc8b663f114125d28d9a9e7c9f35910601b34f3a86a422a5ada7a879a00c40d3d3337

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                799c24fbd3d4ac83e92277c474365b6c

                                                                                SHA1

                                                                                304de6c954791373e676834b2ed61a37cf0e0fff

                                                                                SHA256

                                                                                804a39e0aae7fe5e164140882cf30eec7e6f6d1695f20a0946424d4692c8bf5b

                                                                                SHA512

                                                                                7013a5b1ae95998c8595679a7289d6597818942391426c23b8a2b144fd5feb24e95f95e9ab2d6b5face74183321b7a464475ef645f7dff04cda5bc856689f15b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                82c511d3f9993247f255697bed2c9171

                                                                                SHA1

                                                                                7b117d003765cdb0f965c8a48b05b2fe38fbd678

                                                                                SHA256

                                                                                9e39a328286db5c35e619aa6ce0734b4348d272b77dbe82603d1a5022367521b

                                                                                SHA512

                                                                                6d16d63ceaa666a9bda3228bd62fa63c2b2e26cb74efebab9abdc212f65157bab5df717d7cb42e1755ab5068610379739f73db9e6ce3b36b19fde72ead6f94f1

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                768eaa277e56047124ff7fc02fb8f18e

                                                                                SHA1

                                                                                ad9e8fdf15c47b0fb0926c3582ada6651e1c0f4d

                                                                                SHA256

                                                                                cd30985593196cae98d3c34a26c1e7e455f6be5e46adac1b8f2e1ab6f2624438

                                                                                SHA512

                                                                                195dd20352eb95951ad42ec3ff067e45d483b72618616a7af9e2f903c14f396117109e8c5f88d2fe160cb642463958284ddc5a273e700457e4ba1df9386dc7e2

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                Filesize

                                                                                874B

                                                                                MD5

                                                                                66d34daff6cbc267f76579543cedd30e

                                                                                SHA1

                                                                                3dd93e99d311899982a10e2ee476ab8dc7186b80

                                                                                SHA256

                                                                                6b49d98e6272f5ee85b710d9960d1babe6861d234041b517d63fe041fe724355

                                                                                SHA512

                                                                                da28e94e9cd3cd06fef52e8f81b0e9942030b7d9c44aecc1a14d53bff9f2de1473c4abee44c72b01bbd84af7664bbd712e86df5bf35cdc09eb35b7cba8e6b6c5

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d968.TMP
                                                                                Filesize

                                                                                874B

                                                                                MD5

                                                                                02afbc09db40ed8c6df5936ca97f67ec

                                                                                SHA1

                                                                                c4a6a32779729bfbe89355a04daf43315da1fdc7

                                                                                SHA256

                                                                                70e85b45889720081f6d1f35a5094ae9f2e1eb599afd7aecb02816b9d23e8f0d

                                                                                SHA512

                                                                                f38f24398ac1040298f50fe1a52d327b387691a9d0373b36fb0bba9128ae88795c572de714bb0809e321534719564734c229d5cebade9872a00c407bd93af07b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\ec72b8e0-e84d-417a-a815-187031c454c6\0
                                                                                Filesize

                                                                                1.7MB

                                                                                MD5

                                                                                f7afb25d27a61917a2f26df8df3a1c1e

                                                                                SHA1

                                                                                bbfc1acb17d86f6a9562e1bd0f0f740413be2e78

                                                                                SHA256

                                                                                82df41538e6d381bc55ff884d5eadbc2dbbfeff57f50782e24842c4341829554

                                                                                SHA512

                                                                                ae7cb5d064728256959351d10f8f9f05482b2b796dcb08a378548656a91c1df3754c9225ac69e9462908ae332713202699767033e53aa1c74e0f542fb21b654b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                Filesize

                                                                                16B

                                                                                MD5

                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                SHA1

                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                SHA256

                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                SHA512

                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                c6f6d8ea7930b81db27aa67996cd8502

                                                                                SHA1

                                                                                27e2ed04ba052182ec31352aac8083de8b116757

                                                                                SHA256

                                                                                e382a41a4ccef7259186563b0da20ea570bbe817aa25d7b93d3f399b4a4ee311

                                                                                SHA512

                                                                                4746ddbb9107e0a4d64e4bc38abdc49ce4c25fd1b2e4ead89e9b8fd4f461742f633d03277dd2d87223483411b94133ddc43cb46d4889742cfb46cf6e53ba806c

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                f3447b7e91f517361293cbbb3a9f4f6d

                                                                                SHA1

                                                                                54226baf8771bd4e72899d81701fd0bfbc622c2d

                                                                                SHA256

                                                                                ffd3d85ad5da4d59a9e5c1eec52fdd0ad31f4f84137830eeda9fba207185e2ab

                                                                                SHA512

                                                                                285b1c8d3b060b05c3c1a405014b854045081f6f46994e3aab0743f6d39362c94e0f78632e85463c047021c5c0bf959be61bf3ad85ec018e6567a17341aa1ab4

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                5be0d7024ab12d05a67bb4d2863aa079

                                                                                SHA1

                                                                                ceac7fb7bfa8a50e77778559a2a7dd4445c43983

                                                                                SHA256

                                                                                8c175686a957e8dfbfcb3ab1c9dbbf8f1d95cfbd7292fe3b91e7e3317d9ef3ee

                                                                                SHA512

                                                                                bd6e9b8ae4ed108b746034aae94c2829df532b97ef4010a3e9d0920feea7455ced5908f9b92050f7fcbf4f2704840497549efd827f8baa28aa4aaa7b0727de6d

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                1340419fe284ac2ecb9834a9c35db626

                                                                                SHA1

                                                                                1d9a2a3930d594e18147d665f059b88c9120d8dd

                                                                                SHA256

                                                                                1ec0e5f1379d52d21f9d1a21e9bcb489628eaf3fd1d6b7ade07587955321887d

                                                                                SHA512

                                                                                915050cdc841107821a24a786fc7c2c681c03e6be46f847f740c5d65f931b633bf737f5679c3aa8baa6b0be43630e29e433f7f58666384622891b618db258f12

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                1dcde23691526a5a8065310e279d6491

                                                                                SHA1

                                                                                191c676b1868708ba2ec4a915eb54881c82fc374

                                                                                SHA256

                                                                                6d70fcb102f5a7283ff3def0a4cd22b7da9a0d1615c1cf1aa90b96366e2f9bac

                                                                                SHA512

                                                                                037ba9db7c346e62a8eeb57493357c64ee44f73db730bfde6cd5423feb2e413cf3748e40afc43ef54f94a1664b706c5837bebcd8cdad96aa7763cdbefead0f86

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                b4215cf21e77ae3f6dd34fb34954e21b

                                                                                SHA1

                                                                                ce8165de66820de9a2cbc34bb6784055e9036e3b

                                                                                SHA256

                                                                                e6ed365de423564364228701b2f1ed4062a4838986d1cb917afdaf14941acc17

                                                                                SHA512

                                                                                ecf51da1a94832f0181bbef2ea13ed1f2d1fe5d0b777a13c5afd24588bd96ba991af515ea3d50ac006aecb3961b0ca958f19da07d142efbe961a7f17537adaa7

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                Filesize

                                                                                11KB

                                                                                MD5

                                                                                548f1643d18e771821ef250f92045f7a

                                                                                SHA1

                                                                                e4a763c636eb81c87fe241b2d6955d7987e7300b

                                                                                SHA256

                                                                                b87d1874cd0e409a48eea8c83c6473d37b84f0aa3e1b3443b2ca2840121b9ebd

                                                                                SHA512

                                                                                628bbdc65dbd1d8091ec1bc4ac68c868216affa9c2b8bfb4714a196e4b71d770956533eb1be4db80b74b43a1abfb4d5cd0eea9e8a8d7f9111b325b10e16a9210

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
                                                                                Filesize

                                                                                704KB

                                                                                MD5

                                                                                744b72ee3cdfd797532274f501710143

                                                                                SHA1

                                                                                d2b40bce371921da472a1efe99c5d396d0cd5843

                                                                                SHA256

                                                                                9382efd4ff7b2f2f31841885066f5c185ba4379b7085ee3c959cc15c645e9de8

                                                                                SHA512

                                                                                ba663dcb6849221ecb4cf208ca503aa5f03bc87654a81752f96e3c2d5182135b81592339f3911de50cb0ae0d861e4527f17498de95d446fe5d760af5bbaa2da3

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
                                                                                Filesize

                                                                                9KB

                                                                                MD5

                                                                                7050d5ae8acfbe560fa11073fef8185d

                                                                                SHA1

                                                                                5bc38e77ff06785fe0aec5a345c4ccd15752560e

                                                                                SHA256

                                                                                cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

                                                                                SHA512

                                                                                a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Temp\one.rtf
                                                                                Filesize

                                                                                403B

                                                                                MD5

                                                                                6fbd6ce25307749d6e0a66ebbc0264e7

                                                                                SHA1

                                                                                faee71e2eac4c03b96aabecde91336a6510fff60

                                                                                SHA256

                                                                                e152b106733d9263d3cf175f0b6197880d70acb753f8bde8035a3e4865b31690

                                                                                SHA512

                                                                                35a0d6d91178ec10619cf4d2fd44d3e57aa0266e1779e15b1eef6e9c359c77c384e0ffe4edb2cde980a6847e53f47733e6eacb72d46762066b3541dee3d29064

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Temp\rniw.exe
                                                                                Filesize

                                                                                76KB

                                                                                MD5

                                                                                9232120b6ff11d48a90069b25aa30abc

                                                                                SHA1

                                                                                97bb45f4076083fca037eee15d001fd284e53e47

                                                                                SHA256

                                                                                70faa0e1498461731f873d3594f20cbf2beaa6f123a06b66f9df59a9cdf862be

                                                                                SHA512

                                                                                b06688a9fc0b853d2895f11e812c48d5871f2793183fda5e9638ded22fc5dc1e813f174baedc980a1f0b6a7b0a65cd61f29bb16acc6dd45da62988eb012d6877

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Temp\v.mp4
                                                                                Filesize

                                                                                81KB

                                                                                MD5

                                                                                d2774b188ab5dde3e2df5033a676a0b4

                                                                                SHA1

                                                                                6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

                                                                                SHA256

                                                                                95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

                                                                                SHA512

                                                                                3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Local\Temp\windl.bat
                                                                                Filesize

                                                                                771B

                                                                                MD5

                                                                                a9401e260d9856d1134692759d636e92

                                                                                SHA1

                                                                                4141d3c60173741e14f36dfe41588bb2716d2867

                                                                                SHA256

                                                                                b551fba71dfd526d4916ae277d8686d83fff36d22fcf6f18457924a070b30ef7

                                                                                SHA512

                                                                                5cbe38cdab0283b87d9a9875f7ba6fa4e8a7673d933ca05deddddbcf6cf793bd1bf34ac0add798b4ed59ab483e49f433ce4012f571a658bc0add28dd987a57b6

                                                                                Download Submit

                                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                                                                                Filesize

                                                                                12KB

                                                                                MD5

                                                                                31cf4b6db15f53fd9cb1a146593fd045

                                                                                SHA1

                                                                                6a44975818c38498cbc6323831a422689e65eb72

                                                                                SHA256

                                                                                ac1b0b1c97a18fe06db7866c9e49b8d3a389019ef99d49510ad91986397c05bb

                                                                                SHA512

                                                                                899a663037f2d8e5f768928492eb2d2f962f8ed5fba30be7256c4e486d0cb8f236a612b8eabc5303d31d930e0a5b523395ceeac5baac2bba500f34ebc432514c

                                                                                Download Submit

                                                                              • C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
                                                                                Filesize

                                                                                396B

                                                                                MD5

                                                                                9037ebf0a18a1c17537832bc73739109

                                                                                SHA1

                                                                                1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

                                                                                SHA256

                                                                                38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

                                                                                SHA512

                                                                                4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\000 (4).exe
                                                                                Filesize

                                                                                6.7MB

                                                                                MD5

                                                                                f2b7074e1543720a9a98fda660e02688

                                                                                SHA1

                                                                                1029492c1a12789d8af78d54adcb921e24b9e5ca

                                                                                SHA256

                                                                                4ea1f2ecf7eb12896f2cbf8683dae8546d2b8dc43cf7710d68ce99e127c0a966

                                                                                SHA512

                                                                                73f9548633bc38bab64b1dd5a01401ef7f5b139163bdf291cc475dbd2613510c4c5e4d7702ecdfa74b49f3c9eaed37ed23b9d8f0064c66123eb0769c8671c6ff

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\000 (4).exe:Zone.Identifier
                                                                                Filesize

                                                                                26B

                                                                                MD5

                                                                                fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                SHA1

                                                                                d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                SHA256

                                                                                eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                SHA512

                                                                                aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 30177.crdownload
                                                                                Filesize

                                                                                73KB

                                                                                MD5

                                                                                37e887b7a048ddb9013c8d2a26d5b740

                                                                                SHA1

                                                                                713b4678c05a76dbd22e6f8d738c9ef655e70226

                                                                                SHA256

                                                                                24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

                                                                                SHA512

                                                                                99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 37401.crdownload
                                                                                Filesize

                                                                                2KB

                                                                                MD5

                                                                                a56d479405b23976f162f3a4a74e48aa

                                                                                SHA1

                                                                                f4f433b3f56315e1d469148bdfd835469526262f

                                                                                SHA256

                                                                                17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

                                                                                SHA512

                                                                                f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 37401.crdownload:SmartScreen
                                                                                Filesize

                                                                                7B

                                                                                MD5

                                                                                4047530ecbc0170039e76fe1657bdb01

                                                                                SHA1

                                                                                32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                                SHA256

                                                                                82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                                SHA512

                                                                                8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 499426.crdownload
                                                                                Filesize

                                                                                4KB

                                                                                MD5

                                                                                93ceffafe7bb69ec3f9b4a90908ece46

                                                                                SHA1

                                                                                14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

                                                                                SHA256

                                                                                b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

                                                                                SHA512

                                                                                c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Unconfirmed 660361.crdownload
                                                                                Filesize

                                                                                1.8MB

                                                                                MD5

                                                                                e3d6b2a8abf0e7bf1e1a2d0cc35abc1e

                                                                                SHA1

                                                                                d1e115e43b484e93255a1da3685a8e967a8c8b4d

                                                                                SHA256

                                                                                8fa1650a900f7813def5392a7bb818f6c70a6f5bed02522d16881168cc91281e

                                                                                SHA512

                                                                                317a9a1d4bd61bd6ba3eb2a86e8ccfae7c84f1325afccfd993e0fafd3c256de79ecafa6e370c009c7819245816cd7f3f88464c5ec5d362793212844fe0b64e5a

                                                                                Download Submit

                                                                              • C:\Users\Admin\Downloads\Walker.com:Zone.Identifier
                                                                                Filesize

                                                                                55B

                                                                                MD5

                                                                                0f98a5550abe0fb880568b1480c96a1c

                                                                                SHA1

                                                                                d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                SHA256

                                                                                2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                SHA512

                                                                                dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                Download Submit

                                                                              • memory/680-712-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                Filesize

                                                                                272KB

                                                                                Download

                                                                              • memory/680-713-0x0000000002290000-0x0000000002291000-memory.dmp

                                                                                Filesize

                                                                                4KB

                                                                                Download

                                                                              • memory/680-721-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                Filesize

                                                                                272KB

                                                                                Download

                                                                              • memory/1532-930-0x0000000006380000-0x0000000006926000-memory.dmp

                                                                                Filesize

                                                                                5.6MB

                                                                                Download

                                                                              • memory/1532-964-0x000000000C100000-0x000000000C110000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-929-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-928-0x0000000000BC0000-0x000000000126E000-memory.dmp

                                                                                Filesize

                                                                                6.7MB

                                                                                Download

                                                                              • memory/1532-949-0x000000000BFE0000-0x000000000C018000-memory.dmp

                                                                                Filesize

                                                                                224KB

                                                                                Download

                                                                              • memory/1532-950-0x0000000009980000-0x000000000998E000-memory.dmp

                                                                                Filesize

                                                                                56KB

                                                                                Download

                                                                              • memory/1532-927-0x00000000747B0000-0x0000000074F61000-memory.dmp

                                                                                Filesize

                                                                                7.7MB

                                                                                Download

                                                                              • memory/1532-956-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-958-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-960-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-959-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-962-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-963-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-937-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-966-0x000000000C100000-0x000000000C110000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-968-0x000000000C100000-0x000000000C110000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-970-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-967-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-971-0x000000000C100000-0x000000000C110000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-972-0x00000000747B0000-0x0000000074F61000-memory.dmp

                                                                                Filesize

                                                                                7.7MB

                                                                                Download

                                                                              • memory/1532-973-0x000000000C240000-0x000000000C250000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-974-0x000000000C100000-0x000000000C110000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-975-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1532-1398-0x0000000005DC0000-0x0000000005DD0000-memory.dmp

                                                                                Filesize

                                                                                64KB

                                                                                Download

                                                                              • memory/1572-741-0x00000000006B0000-0x00000000006B1000-memory.dmp

                                                                                Filesize

                                                                                4KB

                                                                                Download

                                                                              • memory/1572-749-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                Filesize

                                                                                272KB

                                                                                Download

                                                                              • memory/1580-720-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                Filesize

                                                                                272KB

                                                                                Download

                                                                              • memory/4260-748-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                                Filesize

                                                                                272KB

                                                                                Download