Overview

overview

10

Static

static

3

aaa4b95522...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    176s
  • max time network
    186s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-04-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aaa4b955227b94eca939dbc0afaa558fce10a81d4021a016076414c9dbe83ed2.exe

  • Size

    1.6MB

  • MD5

    c28f9c8113172c2adb98c510a070a0f4

  • SHA1

    5566c8c299cabf6c8558d71e72df39fd00b85383

  • SHA256

    aaa4b955227b94eca939dbc0afaa558fce10a81d4021a016076414c9dbe83ed2

  • SHA512

    fe2017b25bf7c1faa9dfcb9cab1c3e6d79efe74cd132a0395e0907b8b9595283fc8cabbe7d1c5b426622cef40dc19433fa73b1b65cf9cafb6ea7dd415a6ac0ea

  • SSDEEP

    49152:OGV+PKmx+2JnKBb9EIoyLUKYgMfjWUaPR:7V+PoiK1W7yL8rra

Score
10/10
amadeydcratmysticredlinesmokeloadergromebackdoorevasioninfostealerpersistenceratstealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

grome

C2

77.91.124.86:19084

Extracted

Family

amadey

Version

3.89

C2

http://77.91.124.1

Attributes
  • install_dir

    fefffe8cea

  • install_file

    explothe.exe

  • strings_key

    36a96139c1118a354edf72b1080d4b2f

  • url_paths

    /theme/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Detect Mystic stealer payload 5 IoCs
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 14 IoCs
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 51 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aaa4b955227b94eca939dbc0afaa558fce10a81d4021a016076414c9dbe83ed2.exe
    "C:\Users\Admin\AppData\Local\Temp\aaa4b955227b94eca939dbc0afaa558fce10a81d4021a016076414c9dbe83ed2.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\At1FG96.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\At1FG96.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\UA8ci07.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\UA8ci07.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:4016
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lx4ig89.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lx4ig89.exe
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious use of WriteProcessMemory
          PID:4792
          • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\ey2LY57.exe
            C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\ey2LY57.exe
            5⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Suspicious use of WriteProcessMemory
            PID:3552
            • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\tP9oS68.exe
              C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\tP9oS68.exe
              6⤵
              • Executes dropped EXE
              • Adds Run key to start application
              • Suspicious use of WriteProcessMemory
              PID:4280
              • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1eo91NJ9.exe
                C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1eo91NJ9.exe
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:2776
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  8⤵
                    PID:3244
                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                    8⤵
                    • Modifies Windows Defender Real-time Protection settings
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3772
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 604
                    8⤵
                    • Program crash
                    PID:4292
                • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2EH4758.exe
                  C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2EH4758.exe
                  7⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • Suspicious use of WriteProcessMemory
                  PID:2480
                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                    8⤵
                      PID:2760
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 540
                        9⤵
                        • Program crash
                        PID:4776
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 584
                      8⤵
                      • Program crash
                      PID:5060
                • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hC55qI.exe
                  C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hC55qI.exe
                  6⤵
                  • Executes dropped EXE
                  • Checks SCSI registry key(s)
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: MapViewOfSection
                  PID:3876
              • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4lQ486Xs.exe
                C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4lQ486Xs.exe
                5⤵
                • Executes dropped EXE
                • Suspicious use of SetThreadContext
                • Suspicious use of WriteProcessMemory
                PID:4324
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                  6⤵
                    PID:1944
                  • C:\Windows\SysWOW64\WerFault.exe
                    C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 584
                    6⤵
                    • Program crash
                    PID:4216
              • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5Ge6UQ0.exe
                C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5Ge6UQ0.exe
                4⤵
                • Checks computer location settings
                • Executes dropped EXE
                • Suspicious use of WriteProcessMemory
                PID:3756
                • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                  "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
                  5⤵
                  • Checks computer location settings
                  • Executes dropped EXE
                  PID:1136
                  • C:\Windows\SysWOW64\schtasks.exe
                    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
                    6⤵
                    • Creates scheduled task(s)
                    PID:3288
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
                    6⤵
                      PID:5024
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                        7⤵
                          PID:4832
                        • C:\Windows\SysWOW64\cacls.exe
                          CACLS "explothe.exe" /P "Admin:N"
                          7⤵
                            PID:2704
                          • C:\Windows\SysWOW64\cacls.exe
                            CACLS "explothe.exe" /P "Admin:R" /E
                            7⤵
                              PID:1392
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /S /D /c" echo Y"
                              7⤵
                                PID:4424
                              • C:\Windows\SysWOW64\cacls.exe
                                CACLS "..\fefffe8cea" /P "Admin:N"
                                7⤵
                                  PID:3412
                                • C:\Windows\SysWOW64\cacls.exe
                                  CACLS "..\fefffe8cea" /P "Admin:R" /E
                                  7⤵
                                    PID:1700
                          • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6cN9lD0.exe
                            C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6cN9lD0.exe
                            3⤵
                            • Executes dropped EXE
                            PID:2384
                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Vy8qw06.exe
                          C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Vy8qw06.exe
                          2⤵
                          • Executes dropped EXE
                          PID:3648
                          • C:\Windows\system32\cmd.exe
                            "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3BA8.tmp\3BA9.tmp\3BAA.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Vy8qw06.exe"
                            3⤵
                              PID:4592
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                4⤵
                                • Enumerates system info in registry
                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                PID:4528
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                  5⤵
                                    PID:2520
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
                                    5⤵
                                      PID:5196
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                                      5⤵
                                        PID:5244
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
                                        5⤵
                                          PID:5292
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                                          5⤵
                                            PID:5792
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                                            5⤵
                                              PID:5800
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
                                              5⤵
                                                PID:2480
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
                                                5⤵
                                                  PID:2760
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
                                                  5⤵
                                                    PID:5632
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
                                                    5⤵
                                                      PID:6148
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
                                                      5⤵
                                                        PID:6156
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
                                                        5⤵
                                                          PID:6164
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
                                                          5⤵
                                                            PID:6172
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
                                                            5⤵
                                                              PID:6660
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                                              5⤵
                                                                PID:7140
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                                                5⤵
                                                                  PID:7216
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                                                  5⤵
                                                                    PID:7600
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
                                                                    5⤵
                                                                      PID:8188
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
                                                                      5⤵
                                                                        PID:7080
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8584 /prefetch:8
                                                                        5⤵
                                                                          PID:5768
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8584 /prefetch:8
                                                                          5⤵
                                                                            PID:5936
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8852 /prefetch:1
                                                                            5⤵
                                                                              PID:4608
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,17105360952834641165,15118897078438950977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
                                                                              5⤵
                                                                                PID:1652
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
                                                                              4⤵
                                                                                PID:452
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                  5⤵
                                                                                    PID:1648
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,5578699788355566804,8108345706470656583,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
                                                                                    5⤵
                                                                                      PID:5600
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,5578699788355566804,8108345706470656583,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
                                                                                      5⤵
                                                                                        PID:5608
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                      4⤵
                                                                                        PID:2732
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                          5⤵
                                                                                            PID:1464
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16713470655121838163,4840030630115323989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
                                                                                            5⤵
                                                                                              PID:5532
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16713470655121838163,4840030630115323989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                                                                              5⤵
                                                                                                PID:5580
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
                                                                                              4⤵
                                                                                                PID:4508
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                  5⤵
                                                                                                    PID:3316
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10825996722161652419,9379994855790637393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                                                                    5⤵
                                                                                                      PID:5720
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10825996722161652419,9379994855790637393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                                                                                                      5⤵
                                                                                                        PID:6004
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                                                      4⤵
                                                                                                        PID:3748
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                          5⤵
                                                                                                            PID:2392
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,11481372826131518521,14237761452054451727,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
                                                                                                            5⤵
                                                                                                              PID:5488
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,11481372826131518521,14237761452054451727,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                                                                                                              5⤵
                                                                                                                PID:5644
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
                                                                                                              4⤵
                                                                                                                PID:1408
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                                  5⤵
                                                                                                                    PID:5016
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7696191613704502926,13132836423624177979,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
                                                                                                                    5⤵
                                                                                                                      PID:5300
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,7696191613704502926,13132836423624177979,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
                                                                                                                      5⤵
                                                                                                                        PID:5524
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                                                      4⤵
                                                                                                                        PID:3928
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                                          5⤵
                                                                                                                            PID:1220
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4529993651688109770,6069192333183007243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
                                                                                                                            5⤵
                                                                                                                              PID:5516
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4529993651688109770,6069192333183007243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
                                                                                                                              5⤵
                                                                                                                                PID:5652
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                                                              4⤵
                                                                                                                                PID:460
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x104,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                                                  5⤵
                                                                                                                                    PID:2072
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9521213063131906379,18371223577997164055,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
                                                                                                                                    5⤵
                                                                                                                                      PID:5332
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9521213063131906379,18371223577997164055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
                                                                                                                                      5⤵
                                                                                                                                        PID:5620
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                                                                      4⤵
                                                                                                                                        PID:5096
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                                                          5⤵
                                                                                                                                            PID:4292
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5419457109061100006,16331338534121763887,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
                                                                                                                                            5⤵
                                                                                                                                              PID:5692
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5419457109061100006,16331338534121763887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
                                                                                                                                              5⤵
                                                                                                                                                PID:5700
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                                                                              4⤵
                                                                                                                                                PID:660
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9c2c146f8,0x7ff9c2c14708,0x7ff9c2c14718
                                                                                                                                                  5⤵
                                                                                                                                                    PID:4792
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,11105471869312030840,16151408890522526837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
                                                                                                                                                    5⤵
                                                                                                                                                      PID:7512
                                                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2776 -ip 2776
                                                                                                                                              1⤵
                                                                                                                                                PID:4668
                                                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2480 -ip 2480
                                                                                                                                                1⤵
                                                                                                                                                  PID:4432
                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2760 -ip 2760
                                                                                                                                                  1⤵
                                                                                                                                                    PID:2124
                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4324 -ip 4324
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3724
                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                      1⤵
                                                                                                                                                        PID:3644
                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                        1⤵
                                                                                                                                                          PID:5204
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                                                                                          C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
                                                                                                                                                          1⤵
                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                          PID:7596

                                                                                                                                                        Network

                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                        Replay Monitor

                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                        Downloads

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AppLaunch.exe.log
                                                                                                                                                          Filesize

                                                                                                                                                          226B

                                                                                                                                                          MD5

                                                                                                                                                          916851e072fbabc4796d8916c5131092

                                                                                                                                                          SHA1

                                                                                                                                                          d48a602229a690c512d5fdaf4c8d77547a88e7a2

                                                                                                                                                          SHA256

                                                                                                                                                          7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

                                                                                                                                                          SHA512

                                                                                                                                                          07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3b789b49-381d-4e38-9063-72e13605addf.tmp
                                                                                                                                                          Filesize

                                                                                                                                                          8KB

                                                                                                                                                          MD5

                                                                                                                                                          56cfe737550cc5d97bec27bf2d687fc5

                                                                                                                                                          SHA1

                                                                                                                                                          6395c3120fc9257b485cf549fc42e11f89f808ba

                                                                                                                                                          SHA256

                                                                                                                                                          04901f718b90648c40179aeb44accad0482786ebe2c2837c7805a9872a816507

                                                                                                                                                          SHA512

                                                                                                                                                          c12dcf875b4955603a1fc59ee789a9b954b0f9b7d39f6b06180a4eccb86f0061be1f929b9fe229652b3e1ce16358e57536c6922ff88e9d49290f1c20cab69a5d

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          36bb45cb1262fcfcab1e3e7960784eaa

                                                                                                                                                          SHA1

                                                                                                                                                          ab0e15841b027632c9e1b0a47d3dec42162fc637

                                                                                                                                                          SHA256

                                                                                                                                                          7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

                                                                                                                                                          SHA512

                                                                                                                                                          02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                          Filesize

                                                                                                                                                          152B

                                                                                                                                                          MD5

                                                                                                                                                          1e3dc6a82a2cb341f7c9feeaf53f466f

                                                                                                                                                          SHA1

                                                                                                                                                          915decb72e1f86e14114f14ac9bfd9ba198fdfce

                                                                                                                                                          SHA256

                                                                                                                                                          a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

                                                                                                                                                          SHA512

                                                                                                                                                          0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1aa1f1b5-26f2-4a29-a06f-a2b765c983da.tmp
                                                                                                                                                          Filesize

                                                                                                                                                          7KB

                                                                                                                                                          MD5

                                                                                                                                                          7be7b0befc8d345ab7026e9a166e1983

                                                                                                                                                          SHA1

                                                                                                                                                          359bf4f44f1c43b189f8e83434e51bcc6f2df30c

                                                                                                                                                          SHA256

                                                                                                                                                          d7a5557552d65d29285810d7aa74df49a443e1afe5fe90844964b0d5ea6f50dd

                                                                                                                                                          SHA512

                                                                                                                                                          8e76ffdb3caee8adb3923216bf26e185de3c626441abbcd98b5783dbb4c01fb7bd80606b65bf3b9f3b3a7e7e1804e640a64e2a6d074d456b57dd9b145bc66cff

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                          Filesize

                                                                                                                                                          6KB

                                                                                                                                                          MD5

                                                                                                                                                          49f2fd5c47dadd26296ddd4394e5a6e3

                                                                                                                                                          SHA1

                                                                                                                                                          e50c823498e9dc5d98edc4206c277d5e7d821f0e

                                                                                                                                                          SHA256

                                                                                                                                                          db85132ca9aca312d9da84183bcf4969c6941e8df493acb4d45d01131dc6f513

                                                                                                                                                          SHA512

                                                                                                                                                          a06107a79f9cd07b207d3c81d9be44400c91ffac63076752c9e70c986b32697c3d738389765841f5e5f3dd0ede7d08a23c0f44c5ccb358aa00e3aeece144eb10

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                          Filesize

                                                                                                                                                          7KB

                                                                                                                                                          MD5

                                                                                                                                                          4487f45d03540a311cca1a02be438262

                                                                                                                                                          SHA1

                                                                                                                                                          8b851e7564103dce3556db86a34b401b3a94c8c6

                                                                                                                                                          SHA256

                                                                                                                                                          719136d24a09344564e7f1bbc46368a1cadcbc472297dbb4aa8870a6bc4a1e25

                                                                                                                                                          SHA512

                                                                                                                                                          ece25e08f182b29522c662ed479930a4e100014798939eef2e087c71cbcf8f84d73e93ac8e50dc55ebe7e8d73521533cfc717946cbde01f6636b5ada92358172

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                          MD5

                                                                                                                                                          417d6b3b5a93e73cadf3352f324fdcb1

                                                                                                                                                          SHA1

                                                                                                                                                          6c86327eadb6307d8c32295452a7f277af3e349b

                                                                                                                                                          SHA256

                                                                                                                                                          ab23e5ef5b811f2da9b7d23b133f96a05953efa3467a0307f373287e28faf91a

                                                                                                                                                          SHA512

                                                                                                                                                          ffa88ed78a4e99b963e340128829d6c092feed370e840777420eebe2bce01e97d1b0f66a8ab13fbd83c33784edb23f2f6c3311f29cffeb7fb396208ec0280e4a

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a204b.TMP
                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                          MD5

                                                                                                                                                          27537b4e377c143002956ac3ab92800b

                                                                                                                                                          SHA1

                                                                                                                                                          840661d8e757226aab5550f594ab8b53c9ffa1e4

                                                                                                                                                          SHA256

                                                                                                                                                          8a9de057b1626455d0befcfd2b9e106123a46d632beaeacb9c26ecea900728e0

                                                                                                                                                          SHA512

                                                                                                                                                          bb18375601a7026a5b24a1c86e0d1f867c26495791bc9f280fb414d863565f17ebcc14aeae387f52f1ac6d06e66d42426fce18a7b2ea83243778e13957e5e303

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                          Filesize

                                                                                                                                                          16B

                                                                                                                                                          MD5

                                                                                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                          SHA1

                                                                                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                          SHA256

                                                                                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                          SHA512

                                                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                          Filesize

                                                                                                                                                          11KB

                                                                                                                                                          MD5

                                                                                                                                                          1b37afb55fd089990e3199de026074b2

                                                                                                                                                          SHA1

                                                                                                                                                          029012436b34dd8132430aaef28b48357ab5e8d5

                                                                                                                                                          SHA256

                                                                                                                                                          475137fa36c8ada67d5017b9d76be7a3f01fd74149911ad8c94564258d79884f

                                                                                                                                                          SHA512

                                                                                                                                                          47f1d3220b4f09ae5a85fe6ec51b0a72de3f048954ad53f2bc556a1694c022418eeef90b544994708855b25e8a03dd3ea75d97b5ee22065c4fbbc7dcc7f3a361

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                          Filesize

                                                                                                                                                          11KB

                                                                                                                                                          MD5

                                                                                                                                                          7f1d963a54da5126b4abd71aa4960fcf

                                                                                                                                                          SHA1

                                                                                                                                                          241b01409111b70873eae172cdb863fede023d4a

                                                                                                                                                          SHA256

                                                                                                                                                          6f069f9e3b38a4918908342762bac731447def32f8d3eb21c8fd8a94fba2959e

                                                                                                                                                          SHA512

                                                                                                                                                          b93d75f6dabd2ecdaab6571bbb453dc48aaeb1825d10ab4de0d549c4f619ba7a6512fc70c2d679c7082df60318fd2e82fc38405be7284763b1268249e35ab1e2

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\3BA8.tmp\3BA9.tmp\3BAA.bat
                                                                                                                                                          Filesize

                                                                                                                                                          1KB

                                                                                                                                                          MD5

                                                                                                                                                          df17aff26f059073bed6a5f8824e5c39

                                                                                                                                                          SHA1

                                                                                                                                                          f880f5cbe705ed78afe9cb3a7667b50dbc08443f

                                                                                                                                                          SHA256

                                                                                                                                                          079ad17541306c21039854f1c9a28a9e1b0f131a2fd509f2a6bb1852875a3ea0

                                                                                                                                                          SHA512

                                                                                                                                                          2c9cdd6846b45cbbfcfbe7dbfdaecd32a602c1feb3af1c0a1e894b1e55af5e1e8f095eb60c42bc6efafc37f3c26bc9e45259afbcde9e67bb75c93fb418a1af79

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Vy8qw06.exe
                                                                                                                                                          Filesize

                                                                                                                                                          91KB

                                                                                                                                                          MD5

                                                                                                                                                          977de13db9a1de946e74ba3c9a51cfe0

                                                                                                                                                          SHA1

                                                                                                                                                          0b57ee03fa6fea5deb11c188db31f1db67b0b210

                                                                                                                                                          SHA256

                                                                                                                                                          d1046f142b42113d9bab19f8639e2fb36065971b7b1a119d4ff6a219448386e7

                                                                                                                                                          SHA512

                                                                                                                                                          43f44361211939f728a3335e8b5b984bf1e8353ac3201c37bad21b4ee3112c715c3f0a22b7d1f6a89d3b01015ee422b97ceed2d2272b4b9945a3b6633bbd72a9

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\At1FG96.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.4MB

                                                                                                                                                          MD5

                                                                                                                                                          8e2d8dfa03de6c15532bfaacec420f81

                                                                                                                                                          SHA1

                                                                                                                                                          101fb2741ffd483e3a011d5b4a45a396f1283cdc

                                                                                                                                                          SHA256

                                                                                                                                                          f69f176f2f7d0f61cb0cc2cc2290a0395a83b2cfc87b03e4ef67d2a9d82a25a7

                                                                                                                                                          SHA512

                                                                                                                                                          0e9c9c91561f38cb51acc7dafd14f3f9d4d1da9c00c28a4964cf0627d4c85748192fd373770c1be2adcb74cd53030cefc8338832b0c87d9427b0774c0240b916

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6cN9lD0.exe
                                                                                                                                                          Filesize

                                                                                                                                                          183KB

                                                                                                                                                          MD5

                                                                                                                                                          9a390e912bba29705f33a7d066f0121d

                                                                                                                                                          SHA1

                                                                                                                                                          c1373d404ae21a459302066b4303ed46a55a4903

                                                                                                                                                          SHA256

                                                                                                                                                          246beaf986e9ea105d8acbe9af02887d30258acd14299cff46d4a9fe69c20f5c

                                                                                                                                                          SHA512

                                                                                                                                                          e3ed53069a18548c9c4a7a43e95d3ba80f7397112ec38f70762d4293376327a3753b3ae2a3d6b5d67d2f4312ea4bc006000aabdab6f6295bba4246ce702d2b3c

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\UA8ci07.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.2MB

                                                                                                                                                          MD5

                                                                                                                                                          5bf7a7ec740f4a33001915c2b07485ce

                                                                                                                                                          SHA1

                                                                                                                                                          6edee108d86bd7d1f2cc92a513e11a7748d3ac41

                                                                                                                                                          SHA256

                                                                                                                                                          269b4486d82e60999c5e7eae527d80b5c941db368d72443e8c7b674cbcbb9990

                                                                                                                                                          SHA512

                                                                                                                                                          e5cea63fb5f2c85509ca0fca641fd79c245d8cc042edcdbbdc6ebdeb5cc9399f88ae1ae2e5dfe61b943a2d0281ad72b9fd8a3a20750c6eec91e83ccc72254547

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5Ge6UQ0.exe
                                                                                                                                                          Filesize

                                                                                                                                                          220KB

                                                                                                                                                          MD5

                                                                                                                                                          5403a3b8ea0569f5f6986142aa71fcd3

                                                                                                                                                          SHA1

                                                                                                                                                          20804d0d7fa0a86f330cd1a87bb0e53570aa2959

                                                                                                                                                          SHA256

                                                                                                                                                          99337baac4ec3a4528a3c703b921990f1ad0db3aef7a1d19bdec4b86a3c931a0

                                                                                                                                                          SHA512

                                                                                                                                                          f230a243d2e9399659fa83cebc893815c6894bd9de4f69e5a15b3ac8a875ff68830872d8c95b6117924615c8527d478bac979560be4c5bb7ad2568f696cdecb5

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\lx4ig89.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.0MB

                                                                                                                                                          MD5

                                                                                                                                                          9b8a72174c6d6c1740d713a296713419

                                                                                                                                                          SHA1

                                                                                                                                                          f83dbca8390f6639e38cc14b3fdd2bdeeb03860c

                                                                                                                                                          SHA256

                                                                                                                                                          b1319dce360ce568b30c5ff733f26136194f4a15259ca866df794caf631a2cd5

                                                                                                                                                          SHA512

                                                                                                                                                          eefab9c479778019a299c77b9313e60a0006d3e518fb643deb0ad471d655b6fcd31882dffc9a2010c15630cee0ef1e8d5c94b8a72b8b317e83db106096407bf4

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4lQ486Xs.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.1MB

                                                                                                                                                          MD5

                                                                                                                                                          c474cb24af058ec68f12ecedb0bd6087

                                                                                                                                                          SHA1

                                                                                                                                                          ba1cdb7706fc2085052d82a3ed402aa443a164d7

                                                                                                                                                          SHA256

                                                                                                                                                          8cbcd459d3ec3e02afb56c45998ee13d21a8cd608872d3a4b34a4e50271691e6

                                                                                                                                                          SHA512

                                                                                                                                                          cd55dee64cdebd241f7c2346eb1a623c039efbcc2d692c779d7fbe7a6b398ac2650f3ce9a7b19d9f0e7ae1c297703161872fbef045c089b052ec97c09a6cccaa

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\ey2LY57.exe
                                                                                                                                                          Filesize

                                                                                                                                                          650KB

                                                                                                                                                          MD5

                                                                                                                                                          0d2e8b4cc91449798dae7881676471a6

                                                                                                                                                          SHA1

                                                                                                                                                          a705fb3fc05731ebc75f2c2e6957a1877e402226

                                                                                                                                                          SHA256

                                                                                                                                                          0f6d6bf2af20f9651df6f17925a9df22c13c8d24bf7b53679f4e716ef659532d

                                                                                                                                                          SHA512

                                                                                                                                                          e36e749c04f9d2750d730906133dcddd55128fa608142b65a6c232ce30fa462b22f026f9c55a85e46a21793d4bf9546940613140400002ec86be272757dfb3e8

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3hC55qI.exe
                                                                                                                                                          Filesize

                                                                                                                                                          30KB

                                                                                                                                                          MD5

                                                                                                                                                          58ce829f506526dcb4ec4fc3df96d013

                                                                                                                                                          SHA1

                                                                                                                                                          3789722432e84ae7f4db840cb855d704abc7df90

                                                                                                                                                          SHA256

                                                                                                                                                          5eab54a985d161e4f851a716f3d5ee2e02802c49e24fa8325cd42f309b6791d1

                                                                                                                                                          SHA512

                                                                                                                                                          a8a227925a7e3d47f7a247e878a24a4c64ef3ae451b8a61a83bc4c8b44e25236eab74fcc0e51851988c6f9e21a5dde0d27a39b36a0b1d3b2a8e2e190d1f9b8bc

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\tP9oS68.exe
                                                                                                                                                          Filesize

                                                                                                                                                          525KB

                                                                                                                                                          MD5

                                                                                                                                                          28174f6760ee5c5e8ac8acbf27d41861

                                                                                                                                                          SHA1

                                                                                                                                                          1189d4f74f91b8f62ce845e9763f2fe667c6d99f

                                                                                                                                                          SHA256

                                                                                                                                                          7555a24ade99fcbe9b7b0df34c69d363f04154abb5e24b470171720ed182123c

                                                                                                                                                          SHA512

                                                                                                                                                          e26335cc1daca7dfe83076ce421ddef76e40490241e3ad119434058991ff3a783ba68e679785dd2c2e516ff192aa1c5d6b645d12f6454ebf82f060cd9c5c6a04

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1eo91NJ9.exe
                                                                                                                                                          Filesize

                                                                                                                                                          890KB

                                                                                                                                                          MD5

                                                                                                                                                          e978c7e1a5be84e958419fdcecd0e1f0

                                                                                                                                                          SHA1

                                                                                                                                                          16990d1c40986a496472fe3221d9ceb981e25f4a

                                                                                                                                                          SHA256

                                                                                                                                                          e72e37b2e1966aa59d99102486d99e0cded9faded978cdb8e7b1e59e49c4cb14

                                                                                                                                                          SHA512

                                                                                                                                                          9fb36bc7791fa24cd8e87ab2fbe02079361f299a84866882b945fab775e44408d112543aced0735cb4aa6267fe8c325925a20ca643cd47b2bb3e07a2ba49484a

                                                                                                                                                          Download Submit

                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2EH4758.exe
                                                                                                                                                          Filesize

                                                                                                                                                          1.1MB

                                                                                                                                                          MD5

                                                                                                                                                          8a4f92e7bae66ff53f4af5d0b94d7f0b

                                                                                                                                                          SHA1

                                                                                                                                                          4a3e2802afd48fddcad3b3badc28261aac260ea7

                                                                                                                                                          SHA256

                                                                                                                                                          791eedb3d2a4b678426283d48a53a6b1d9a1e059d5ca71c942b4b854ea4f2cc5

                                                                                                                                                          SHA512

                                                                                                                                                          1d2140f8792e3ab56e1fbd956f4b2cc7a31efa698284644a858c43e373b2053840d76870a45eeac43cae5eca9bd6b9c2b1f5704e26b0b2c0732f0bec0fe96027

                                                                                                                                                          Download Submit

                                                                                                                                                        • \??\pipe\LOCAL\crashpad_1408_SLGPTRGSZDLEXFLL
                                                                                                                                                          MD5

                                                                                                                                                          d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                          SHA1

                                                                                                                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                          SHA256

                                                                                                                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                          SHA512

                                                                                                                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                          Download Submit

                                                                                                                                                        • memory/1944-70-0x00000000078B0000-0x00000000078C0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          64KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-84-0x0000000008A10000-0x0000000009028000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          6.1MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-76-0x0000000007B20000-0x0000000007B2A000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          40KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-69-0x0000000007930000-0x00000000079C2000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          584KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-90-0x0000000007CD0000-0x0000000007DDA000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          1.0MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-91-0x0000000007C00000-0x0000000007C12000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          72KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-93-0x0000000007C60000-0x0000000007C9C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          240KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-95-0x0000000007DE0000-0x0000000007E2C000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          304KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-68-0x0000000007E40000-0x00000000083E4000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          5.6MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-67-0x0000000074240000-0x00000000749F0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          7.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-65-0x0000000000400000-0x000000000043E000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          248KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-371-0x00000000078B0000-0x00000000078C0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          64KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/1944-232-0x0000000074240000-0x00000000749F0000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          7.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2760-51-0x0000000000400000-0x0000000000434000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          208KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2760-49-0x0000000000400000-0x0000000000434000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          208KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2760-50-0x0000000000400000-0x0000000000434000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          208KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/2760-53-0x0000000000400000-0x0000000000434000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          208KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3436-58-0x0000000002B30000-0x0000000002B46000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          88KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3772-45-0x00000000746E0000-0x0000000074E90000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          7.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3772-43-0x00000000746E0000-0x0000000074E90000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          7.7MB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3772-42-0x0000000000400000-0x000000000040A000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          40KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3876-56-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          36KB

                                                                                                                                                          Download

                                                                                                                                                        • memory/3876-59-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                                                                          Filesize

                                                                                                                                                          36KB

                                                                                                                                                          Download