Analysis

  • max time kernel
    326s
  • max time network
    332s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    07-04-2024 21:06

General

  • Target

    sample.html

  • Size

    18KB

  • MD5

    1a142ed78fd54fe0b5427027ba902905

  • SHA1

    8335a20c0ff1c7e89a64a1b06787f6e1c21b7fc4

  • SHA256

    e89e17a5b8d5ab76a31f4404041fc1f9b5d2806c84dfce6034acb481133edb89

  • SHA512

    4ea1f9fd0fc3391dace74273997a33f387ed5bbe12338c4fe86323fb71cf2665fff59567e943a1b2c78e9202556f23a290999d50346daec84117b43004fd5e75

  • SSDEEP

    384:rMLpG3YtDpmReVoOs4EsN9ylKeGMzaU8HhhbO3BS137P2cdS2LjFrSE3+IVJCBXu:rMLOYtBVoOs4EsryI1MzQBhbORS1rP2i

Malware Config

Extracted

  • Family

    quasar

  • Version

    1.4.1

  • Botnet

    Office04

  • C2

    6.tcp.ngrok.io:16799

  • Mutex

    0c20af10-1b0a-4d0e-bbca-3718ee39e827

Attributes
  • encryption_key

    284202D1B7ED732612BB54048953C4453A2549F9

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    System32

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

  • Quasar payload 2 IoCs
  • Executes dropped EXE 16 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 40 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 9 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Detects Pyinstaller 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

  • Enumerates system info in registry 2 TTPs 14 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 24 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 25 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffccf999758,0x7ffccf999768,0x7ffccf999778
      2⤵
        PID:1664
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:2
        2⤵
          PID:3132
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
          2⤵
            PID:792
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2168 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
            2⤵
              PID:4104
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
              2⤵
                PID:3216
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
                2⤵
                  PID:4996
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                  2⤵
                    PID:3712
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                    2⤵
                      PID:4800
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4964 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
                      2⤵
                        PID:4344
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4888 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
                        2⤵
                          PID:1572
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=2968 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
                          2⤵
                            PID:4472
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                            2⤵
                              PID:1900
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2532 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:1
                              2⤵
                                PID:2952
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                                2⤵
                                  PID:3892
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4584
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                                  2⤵
                                  • NTFS ADS
                                  PID:952
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1820,i,18193223508545639936,13610329973327997471,131072 /prefetch:8
                                  2⤵
                                    PID:2608
                                  • C:\Program Files\7-Zip\7zFM.exe
                                    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\TangoGen.rar"
                                    2⤵
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of FindShellTrayWindow
                                    PID:2508
                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                  1⤵
                                    PID:4076
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:4352
                                    • C:\Windows\helppane.exe
                                      C:\Windows\helppane.exe -Embedding
                                      1⤵
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4588
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528884
                                        2⤵
                                        • Enumerates system info in registry
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:2772
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcbdc03cb8,0x7ffcbdc03cc8,0x7ffcbdc03cd8
                                          3⤵
                                            PID:3096
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
                                            3⤵
                                              PID:1784
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
                                              3⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4516
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
                                              3⤵
                                                PID:4584
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                                                3⤵
                                                  PID:2600
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
                                                  3⤵
                                                    PID:464
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
                                                    3⤵
                                                      PID:756
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
                                                      3⤵
                                                        PID:4836
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
                                                        3⤵
                                                          PID:1660
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
                                                          3⤵
                                                            PID:4016
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                                                            3⤵
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:2824
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
                                                            3⤵
                                                              PID:1720
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                                                              3⤵
                                                                PID:1296
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3980 /prefetch:8
                                                                3⤵
                                                                  PID:1448
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4612 /prefetch:8
                                                                  3⤵
                                                                  • Modifies registry class
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1752
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
                                                                  3⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1440
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1680,17172702818943213213,8847387970862750940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                                                                  3⤵
                                                                    PID:4820
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:3672
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:1456
                                                                  • C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE
                                                                    "C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    PID:4224
                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TANGOG~1.EXE
                                                                      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TANGOG~1.EXE
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      PID:2932
                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Built.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Built.exe
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        PID:2324
                                                                        • C:\Windows\SYSTEM32\schtasks.exe
                                                                          "schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                          4⤵
                                                                          • Creates scheduled task(s)
                                                                          PID:5540
                                                                  • C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE
                                                                    "C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    PID:2604
                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TANGOG~1.EXE
                                                                      C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\TANGOG~1.EXE
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      PID:3036
                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\Built.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\Built.exe
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5188
                                                                  • C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE
                                                                    "C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    • Adds Run key to start application
                                                                    PID:4472
                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\TANGOG~1.EXE
                                                                      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\TANGOG~1.EXE
                                                                      2⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      PID:4852
                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\Built.exe
                                                                        C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\Built.exe
                                                                        3⤵
                                                                        • Executes dropped EXE
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:1436
                                                                  • C:\Windows\system32\werfault.exe
                                                                    werfault.exe /hc /shared Global\afce7850a56849d8b3fa0e9b34101ef6 /t 3860 /p 3768
                                                                    1⤵
                                                                      PID:5784
                                                                    • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                      "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                      1⤵
                                                                      • Enumerates system info in registry
                                                                      • Modifies Internet Explorer settings
                                                                      • Modifies registry class
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5912
                                                                    • C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE
                                                                      "C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE"
                                                                      1⤵
                                                                      • Executes dropped EXE
                                                                      • Adds Run key to start application
                                                                      PID:5716
                                                                      • C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\TANGOG~1.EXE
                                                                        C:\Users\Admin\AppData\Local\Temp\IXP006.TMP\TANGOG~1.EXE
                                                                        2⤵
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        PID:5828
                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\Built.exe
                                                                          C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\Built.exe
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          PID:2104
                                                                          • C:\Windows\SYSTEM32\schtasks.exe
                                                                            "schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                            4⤵
                                                                            • Creates scheduled task(s)
                                                                            PID:5476
                                                                          • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                                                                            "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of SendNotifyMessage
                                                                            PID:5760
                                                                            • C:\Windows\SYSTEM32\schtasks.exe
                                                                              "schtasks" /create /tn "System32" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                                                              5⤵
                                                                              • Creates scheduled task(s)
                                                                              PID:6100
                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\TANGOG~1.EXE
                                                                          C:\Users\Admin\AppData\Local\Temp\IXP007.TMP\TANGOG~1.EXE
                                                                          3⤵
                                                                          • Executes dropped EXE
                                                                          • Adds Run key to start application
                                                                          PID:728
                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\TANGOG~1.EXE
                                                                            C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\TANGOG~1.EXE
                                                                            4⤵
                                                                            • Executes dropped EXE
                                                                            PID:5616
                                                                            • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\TANGOG~1.EXE
                                                                              C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\TANGOG~1.EXE
                                                                              5⤵
                                                                              • Executes dropped EXE
                                                                              • Loads dropped DLL
                                                                              PID:6076
                                                                          • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\DMMEIF~1.EXE
                                                                            C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\DMMEIF~1.EXE
                                                                            4⤵
                                                                              PID:2276
                                                                              • C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\System32.exe
                                                                                C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\System32.exe
                                                                                5⤵
                                                                                  PID:5312
                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\System32.exe
                                                                                    C:\Users\Admin\AppData\Local\Temp\IXP009.TMP\System32.exe
                                                                                    6⤵
                                                                                      PID:5400
                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                        C:\Windows\system32\cmd.exe /c "ver"
                                                                                        7⤵
                                                                                          PID:5448
                                                                                        • C:\Windows\SysWOW64\cmd.exe
                                                                                          C:\Windows\system32\cmd.exe /c "C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid"
                                                                                          7⤵
                                                                                            PID:4188
                                                                                            • C:\Windows\SysWOW64\wbem\WMIC.exe
                                                                                              C:\\Windows\\System32\\wbem\\WMIC.exe csproduct get uuid
                                                                                              8⤵
                                                                                                PID:5196
                                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5860
                                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies Internet Explorer settings
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:6036
                                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                                  1⤵
                                                                                  • Enumerates system info in registry
                                                                                  • Modifies registry class
                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                  PID:5844
                                                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
                                                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca
                                                                                  1⤵
                                                                                    PID:3888

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    288B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    815B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                    Filesize

                                                                                    873B

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                    Filesize

                                                                                    130KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                    Filesize

                                                                                    93KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                    Filesize

                                                                                    98KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

                                                                                    Filesize

                                                                                    107KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58aa54.TMP

                                                                                    Filesize

                                                                                    89KB

                                                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                    Filesize

                                                                                    2B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                    Filesize

                                                                                    467B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    5KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    703B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bacd6.TMP

                                                                                    Filesize

                                                                                    537B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                    Filesize

                                                                                    16B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TANGOG~1.EXE

                                                                                    Filesize

                                                                                    42.6MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WINDOW~1.EXE

                                                                                    Filesize

                                                                                    9.4MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Built.exe

                                                                                    Filesize

                                                                                    3.1MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\TANGOG~1.EXE

                                                                                    Filesize

                                                                                    41.5MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\IXP008.TMP\TANGOG~1.EXE

                                                                                    Filesize

                                                                                    6.0MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI56162\VCRUNTIME140.dll

                                                                                    Filesize

                                                                                    94KB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI56162\python310.dll

                                                                                    Filesize

                                                                                    4.2MB

                                                                                  • C:\Users\Admin\AppData\Local\Temp\_MEI56162\ucrtbase.dll

                                                                                    Filesize

                                                                                    992KB

                                                                                  • C:\Users\Admin\Downloads\TangoGen.rar

                                                                                    Filesize

                                                                                    43.6MB

                                                                                  • C:\Users\Admin\Downloads\TangoGen.rar:Zone.Identifier

                                                                                    Filesize

                                                                                    26B

                                                                                  • C:\Users\Admin\Downloads\TangoGen\TangoGenV1.3.EXE

                                                                                    Filesize

                                                                                    52.0MB

                                                                                  • \??\pipe\crashpad_1816_YLKUSKIZLWCMNUOT


                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/2324-443-0x0000000000650000-0x0000000000974000-memory.dmp

                                                                                    Filesize

                                                                                    3.1MB

                                                                                  • memory/2324-676-0x00007FFCB9380000-0x00007FFCB9E42000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/5188-697-0x00007FFCB9380000-0x00007FFCB9E42000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/5188-457-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5188-693-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5188-459-0x00007FFCB9380000-0x00007FFCB9E42000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/5400-827-0x00000000743B0000-0x0000000074444000-memory.dmp

                                                                                    Filesize

                                                                                    592KB

                                                                                  • memory/5400-828-0x0000000074390000-0x00000000743A2000-memory.dmp

                                                                                    Filesize

                                                                                    72KB

                                                                                  • memory/5400-855-0x0000000074E50000-0x000000007535B000-memory.dmp

                                                                                    Filesize

                                                                                    5.0MB

                                                                                  • memory/5400-854-0x0000000073BD0000-0x0000000073BF5000-memory.dmp

                                                                                    Filesize

                                                                                    148KB

                                                                                  • memory/5400-853-0x0000000074C10000-0x0000000074CB0000-memory.dmp

                                                                                    Filesize

                                                                                    640KB

                                                                                  • memory/5400-852-0x0000000073C10000-0x0000000073E3C000-memory.dmp

                                                                                    Filesize

                                                                                    2.2MB

                                                                                  • memory/5400-811-0x0000000074E50000-0x000000007535B000-memory.dmp

                                                                                    Filesize

                                                                                    5.0MB

                                                                                  • memory/5400-812-0x0000000074DE0000-0x0000000074DFF000-memory.dmp

                                                                                    Filesize

                                                                                    124KB

                                                                                  • memory/5400-813-0x0000000074DD0000-0x0000000074DDD000-memory.dmp

                                                                                    Filesize

                                                                                    52KB

                                                                                  • memory/5400-851-0x0000000073E60000-0x0000000073E6A000-memory.dmp

                                                                                    Filesize

                                                                                    40KB

                                                                                  • memory/5400-815-0x0000000074D60000-0x0000000074D76000-memory.dmp

                                                                                    Filesize

                                                                                    88KB

                                                                                  • memory/5400-816-0x0000000074DB0000-0x0000000074DC8000-memory.dmp

                                                                                    Filesize

                                                                                    96KB

                                                                                  • memory/5400-819-0x0000000074CB0000-0x0000000074CD7000-memory.dmp

                                                                                    Filesize

                                                                                    156KB

                                                                                  • memory/5400-817-0x0000000074D80000-0x0000000074DA7000-memory.dmp

                                                                                    Filesize

                                                                                    156KB

                                                                                  • memory/5400-818-0x0000000074CE0000-0x0000000074CEC000-memory.dmp

                                                                                    Filesize

                                                                                    48KB

                                                                                  • memory/5400-849-0x0000000073E80000-0x0000000073E8A000-memory.dmp

                                                                                    Filesize

                                                                                    40KB

                                                                                  • memory/5400-823-0x0000000074C10000-0x0000000074CB0000-memory.dmp

                                                                                    Filesize

                                                                                    640KB

                                                                                  • memory/5400-822-0x0000000074CF0000-0x0000000074D1F000-memory.dmp

                                                                                    Filesize

                                                                                    188KB

                                                                                  • memory/5400-821-0x0000000074D20000-0x0000000074D2C000-memory.dmp

                                                                                    Filesize

                                                                                    48KB

                                                                                  • memory/5400-824-0x0000000074720000-0x0000000074744000-memory.dmp

                                                                                    Filesize

                                                                                    144KB

                                                                                  • memory/5400-825-0x00000000746B0000-0x00000000746D8000-memory.dmp

                                                                                    Filesize

                                                                                    160KB

                                                                                  • memory/5400-826-0x0000000074450000-0x00000000746AA000-memory.dmp

                                                                                    Filesize

                                                                                    2.4MB

                                                                                  • memory/5400-848-0x0000000074CB0000-0x0000000074CD7000-memory.dmp

                                                                                    Filesize

                                                                                    156KB

                                                                                  • memory/5400-847-0x0000000073EC0000-0x0000000073ECD000-memory.dmp

                                                                                    Filesize

                                                                                    52KB

                                                                                  • memory/5400-831-0x0000000074E50000-0x000000007535B000-memory.dmp

                                                                                    Filesize

                                                                                    5.0MB

                                                                                  • memory/5400-832-0x0000000074380000-0x000000007438F000-memory.dmp

                                                                                    Filesize

                                                                                    60KB

                                                                                  • memory/5400-833-0x00000000741D0000-0x0000000074307000-memory.dmp

                                                                                    Filesize

                                                                                    1.2MB

                                                                                  • memory/5400-834-0x00000000740F0000-0x0000000074100000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5400-835-0x0000000074310000-0x000000007432B000-memory.dmp

                                                                                    Filesize

                                                                                    108KB

                                                                                  • memory/5400-836-0x0000000074DE0000-0x0000000074DFF000-memory.dmp

                                                                                    Filesize

                                                                                    124KB

                                                                                  • memory/5400-837-0x0000000074D60000-0x0000000074D76000-memory.dmp

                                                                                    Filesize

                                                                                    88KB

                                                                                  • memory/5400-838-0x00000000741B0000-0x00000000741C6000-memory.dmp

                                                                                    Filesize

                                                                                    88KB

                                                                                  • memory/5400-839-0x00000000740B0000-0x00000000740D2000-memory.dmp

                                                                                    Filesize

                                                                                    136KB

                                                                                  • memory/5400-840-0x0000000073F90000-0x00000000740A9000-memory.dmp

                                                                                    Filesize

                                                                                    1.1MB

                                                                                  • memory/5400-841-0x0000000073F50000-0x0000000073F81000-memory.dmp

                                                                                    Filesize

                                                                                    196KB

                                                                                  • memory/5400-843-0x0000000073ED0000-0x0000000073EDC000-memory.dmp

                                                                                    Filesize

                                                                                    48KB

                                                                                  • memory/5400-842-0x0000000073EE0000-0x0000000073EEA000-memory.dmp

                                                                                    Filesize

                                                                                    40KB

                                                                                  • memory/5400-844-0x0000000073E50000-0x0000000073E60000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5400-846-0x0000000073F00000-0x0000000073F0A000-memory.dmp

                                                                                    Filesize

                                                                                    40KB

                                                                                  • memory/5400-845-0x0000000073E40000-0x0000000073E4A000-memory.dmp

                                                                                    Filesize

                                                                                    40KB

                                                                                  • memory/5760-820-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5760-814-0x00007FFCB9380000-0x00007FFCB9E42000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/5760-565-0x00007FFCB9380000-0x00007FFCB9E42000-memory.dmp

                                                                                    Filesize

                                                                                    10.8MB

                                                                                  • memory/5760-566-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

                                                                                    Filesize

                                                                                    64KB

                                                                                  • memory/5760-640-0x000000001C4D0000-0x000000001C520000-memory.dmp

                                                                                    Filesize

                                                                                    320KB

                                                                                  • memory/5760-641-0x000000001C5E0000-0x000000001C692000-memory.dmp

                                                                                    Filesize

                                                                                    712KB

                                                                                  • memory/5912-521-0x000001C763FD0000-0x000001C763FF0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB

                                                                                  • memory/6036-658-0x000001FD7C990000-0x000001FD7C9B0000-memory.dmp

                                                                                    Filesize

                                                                                    128KB