ab7a33df847a1908e00485aeb30513f30c9e15f14cb48ea96b291cd12ca27c45

Analysis

max time kernel
1799s
max time network
1745s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 14:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

death.bat
Size

190B
MD5

a4dc5acd0189074c570e78d409bf8259
SHA1

6ee800cf5f59d30f3be87298d755e44c11ae77af
SHA256

720b8bd57d552a134b0f3875c3d1fb564d492a35e2f46eba4ce8dc0ce8d5ad34
SHA512

f953f50e83f76d9a1b29425bb101b5900558bce2b64875235fe5cf9c1027bacb62fc551b32c8bc6762e917234389bbcb944e7fe070b62184ff36ad8952ed72c1

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000\Control Panel\International\Geo\Nation	cmd.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2860750803-256193626-1801997576-1000_Classes\Local Settings	calc.exe

Suspicious behavior: AddClipboardFormatListener 14 IoCs

pid	Process
4960	vlc.exe
2324	vlc.exe
5244	vlc.exe
6292	vlc.exe
6576	vlc.exe
6816	vlc.exe
7308	vlc.exe
7540	vlc.exe
6656	vlc.exe
7444	vlc.exe
8276	vlc.exe
8660	vlc.exe
8880	vlc.exe
7612	vlc.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
2336	msedge.exe
2336	msedge.exe
4908	msedge.exe
4908	msedge.exe
5216	identity_helper.exe
5216	identity_helper.exe
3796	mspaint.exe
3796	mspaint.exe
6712	mspaint.exe
6712	mspaint.exe
6640	mspaint.exe
6640	mspaint.exe
8636	mspaint.exe
8636	mspaint.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 14 IoCs

pid	Process
4960	vlc.exe
2324	vlc.exe
5244	vlc.exe
6292	vlc.exe
6576	vlc.exe
6816	vlc.exe
7308	vlc.exe
7540	vlc.exe
6656	vlc.exe
7444	vlc.exe
8276	vlc.exe
8660	vlc.exe
8880	vlc.exe
7612	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
4960	vlc.exe
4960	vlc.exe
2324	vlc.exe
2324	vlc.exe
4960	vlc.exe
2324	vlc.exe
5244	vlc.exe
5244	vlc.exe
5244	vlc.exe
6292	vlc.exe
6292	vlc.exe
6292	vlc.exe
6576	vlc.exe
6576	vlc.exe
6576	vlc.exe
6816	vlc.exe
6816	vlc.exe
6816	vlc.exe
7308	vlc.exe
7308	vlc.exe
7308	vlc.exe
7540	vlc.exe
7540	vlc.exe
7540	vlc.exe
6656	vlc.exe
6656	vlc.exe
7444	vlc.exe
7444	vlc.exe
6656	vlc.exe
7444	vlc.exe
8276	vlc.exe
8276	vlc.exe
8276	vlc.exe
8660	vlc.exe
8660	vlc.exe
8880	vlc.exe
8660	vlc.exe
8880	vlc.exe
8880	vlc.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
4960	vlc.exe
4960	vlc.exe
2324	vlc.exe
2324	vlc.exe
5244	vlc.exe
5244	vlc.exe
6292	vlc.exe
6292	vlc.exe
6576	vlc.exe
6576	vlc.exe
6816	vlc.exe
6816	vlc.exe
7308	vlc.exe
7308	vlc.exe
7540	vlc.exe
7540	vlc.exe
6656	vlc.exe
6656	vlc.exe
7444	vlc.exe
7444	vlc.exe
8276	vlc.exe
8276	vlc.exe
8660	vlc.exe
8660	vlc.exe
8880	vlc.exe
8880	vlc.exe
7612	vlc.exe
7612	vlc.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
4960	vlc.exe
2324	vlc.exe
852	OpenWith.exe
3796	mspaint.exe
5244	vlc.exe
3796	mspaint.exe
3796	mspaint.exe
3796	mspaint.exe
6292	vlc.exe
6576	vlc.exe
6356	OpenWith.exe
6712	mspaint.exe
6816	vlc.exe
6712	mspaint.exe
6712	mspaint.exe
6712	mspaint.exe
7308	vlc.exe
7540	vlc.exe
7368	OpenWith.exe
6640	mspaint.exe
6656	vlc.exe
6640	mspaint.exe
6640	mspaint.exe
6640	mspaint.exe
7444	vlc.exe
8276	vlc.exe
7428	OpenWith.exe
8636	mspaint.exe
8660	vlc.exe
8636	mspaint.exe
8636	mspaint.exe
8636	mspaint.exe
8880	vlc.exe
7612	vlc.exe
6200	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2336	1248	cmd.exe	84
PID 1248 wrote to memory of 2336	1248	cmd.exe	84
PID 1248 wrote to memory of 3388	1248	cmd.exe	86
PID 1248 wrote to memory of 3388	1248	cmd.exe	86
PID 2336 wrote to memory of 4244	2336	msedge.exe	87
PID 2336 wrote to memory of 4244	2336	msedge.exe	87
PID 1248 wrote to memory of 4960	1248	cmd.exe	88
PID 1248 wrote to memory of 4960	1248	cmd.exe	88
PID 1248 wrote to memory of 2188	1248	cmd.exe	89
PID 1248 wrote to memory of 2188	1248	cmd.exe	89
PID 2188 wrote to memory of 2892	2188	msedge.exe	90
PID 2188 wrote to memory of 2892	2188	msedge.exe	90
PID 1248 wrote to memory of 2324	1248	cmd.exe	91
PID 1248 wrote to memory of 2324	1248	cmd.exe	91
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4772	2336	msedge.exe	93
PID 2336 wrote to memory of 4240	2336	msedge.exe	94
PID 2336 wrote to memory of 4240	2336	msedge.exe	94
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95
PID 2336 wrote to memory of 2908	2336	msedge.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\death.bat"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:4772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:1000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
    3⤵
    PID:3732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    3⤵
    PID:388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:4908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
    3⤵
    PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:5988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
    3⤵
    PID:6204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:6608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    3⤵
    PID:6736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
    3⤵
    PID:6948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
    3⤵
    PID:6140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
    3⤵
    PID:7208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
    3⤵
    PID:7596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
    3⤵
    PID:7712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    3⤵
    PID:7992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
    3⤵
    PID:8156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:7548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:7088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8328 /prefetch:1
    3⤵
    PID:888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    3⤵
    PID:8284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
    3⤵
    PID:8396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
    3⤵
    PID:8780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
    3⤵
    PID:7112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
    3⤵
    PID:9048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
    3⤵
    PID:9156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
    3⤵
    PID:7552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9492 /prefetch:1
    3⤵
    PID:7496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1
    3⤵
    PID:8528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:9288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,11859907428736791068,5113835022945341506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4308
- C:\Windows\system32\calc.exe
  calc
  2⤵
  - Modifies registry class
  PID:3388
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:2892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1184857936939197112,15747686483545703478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4908
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gmail.com/
  2⤵
  PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:4968
- C:\Windows\system32\mspaint.exe
  mspaint
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3796
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:3920
- C:\Windows\system32\calc.exe
  calc
  2⤵
  - Modifies registry class
  PID:2468
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  PID:6512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:6524
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gmail.com/
  2⤵
  PID:6520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:6032
- C:\Windows\system32\mspaint.exe
  mspaint
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6712
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:6904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:6920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:7040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:7060
- C:\Windows\system32\calc.exe
  calc
  2⤵
  - Modifies registry class
  PID:7000
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  PID:7472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:7484
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gmail.com/
  2⤵
  PID:5784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:6676
- C:\Windows\system32\mspaint.exe
  mspaint
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:6640
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:8112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:8080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:8172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:6428
- C:\Windows\system32\calc.exe
  calc
  2⤵
  - Modifies registry class
  PID:6732
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  PID:7704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:8136
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:8276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gmail.com/
  2⤵
  PID:8612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:8668
- C:\Windows\system32\mspaint.exe
  mspaint
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:8636
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:8660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:8792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:8816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.com/
  2⤵
  PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:7144
- C:\Windows\system32\calc.exe
  calc
  2⤵
  - Modifies registry class
  PID:7140
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:8880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/
  2⤵
  PID:8240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0x104,0x114,0x7ffc03de46f8,0x7ffc03de4708,0x7ffc03de4718
    3⤵
    PID:7428
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:7612

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1592

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:1000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7368

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
90KB

MD5
07caa4225c6a34db6e9b82ebc4469de3

SHA1
80fddf08dc4273d3bbec68305d62a003c53cd7f4

SHA256
5e125a65e3f87b5d298f3d02861639c988c2a246d2ffbdad9c1b6b8d9f52dcd3

SHA512
54072c8ec92c0c68f129fa3131a592cbb0f373004dc20983f0dc2b0174e7a386b0d8609a3e72ec1351619f6470a601fb231637d8f7eda2ad8f9cc1b2da94405b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
18KB

MD5
822cc513fc2903189fe062005d5bf19a

SHA1
a80f3fc5813700ebe84eaa96e6cdada7aafafa3d

SHA256
6ca35342bba96a2987e9e078cd0b899b2dcfe554c775972147f8da74a1089a3a

SHA512
448bed9a45eb5c7bda425da36903fd75f1e99605a942cc61bcdd589628934464d8d5210e10818cd9d423c6d6b8c815c49dbaceeffc36c3b825e68e029760a8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
c1164ab65ff7e42adb16975e59216b06

SHA1
ac7204effb50d0b350b1e362778460515f113ecc

SHA256
d7928d8f5536d503eb37c541b5ce813941694b71b0eb550250c7e4cbcb1babbb

SHA512
1f84a9d9d51ac92e8fb66b54d103986e5c8a1ca03f52a7d8cdf21b77eb9f466568b33821530e80366ce95900b20816e14a767b73043a0019de4a2f1a4ffd1509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
21KB

MD5
3669e98b2ae9734d101d572190d0c90d

SHA1
5e36898bebc6b11d8e985173fd8b401dc1820852

SHA256
7061caa61b21e5e5c1419ae0dc8299142ba89c8169a2bd968b6de34a564f888a

SHA512
0c5f0190b0df4939c2555ec7053a24f5dae388a0936140d68ed720a70542b40aaf65c882f43eb1878704bea3bd18934de4b1aac57a92f89bbb4c67a51b983ae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
34KB

MD5
b63bcace3731e74f6c45002db72b2683

SHA1
99898168473775a18170adad4d313082da090976

SHA256
ea3a8425dcf06dbc9c9be0ccd2eb6381507dd5ac45e2a685b3a9b1b5d289d085

SHA512
d62d4dddb7ec61ef82d84f93f6303001ba78d16fd727090c9d8326a86ab270f926b338c8164c2721569485663da88b850c3a6452ccb8b3650c6fa5ce1ce0f140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
16KB

MD5
9978db669e49523b7adb3af80d561b1b

SHA1
7eb15d01e2afd057188741fad9ea1719bccc01ea

SHA256
4e57f4cf302186300f95c74144cbca9eb756c0a8313ebf32f8aba5c279dd059c

SHA512
04b216bd907c70ee2b96e513f7de56481388b577e6ccd67145a48178a605581fab715096cfb75d1bb336e6ad0060701d2a3680e9f38fe31e1573d5965f1e380a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
49KB

MD5
55abcc758ea44e30cc6bf29a8e961169

SHA1
3b3717aeebb58d07f553c1813635eadb11fda264

SHA256
dada70d2614b10f6666b149d2864fdcf8f944bf748dcf79b2fe6dad73e4ef7b6

SHA512
12e2405f5412c427bee4edd9543f4ea40502eaace30b24fe1ae629895b787ea5a959903a2e32abe341cd8136033a61b802b57fe862efba5f5a1b167176dd2454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
46KB

MD5
beafc7738da2d4d503d2b7bdb5b5ee9b

SHA1
a4fd5eb4624236bc1a482d1b2e25b0f65e1cc0e0

SHA256
bb77e10b27807cbec9a9f7a4aeefaa41d66a4360ed33e55450aaf7a47f0da4b4

SHA512
a0b7cf6df6e8cc2b11e05099253c07042ac474638cc9e7fb0a6816e70f43e400e356d41bde995dce7ff11da65f75e7dc7a7f8593c6b031a0aa17b7181f51312f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
37KB

MD5
01ef159c14690afd71c42942a75d5b2d

SHA1
a38b58196f3e8c111065deb17420a06b8ff8e70f

SHA256
118d6f295fd05bc547835ba1c4360250e97677c0419c03928fd611f4f3e3104b

SHA512
12292194bb089f50bb73507d4324ea691cc853a6e7b8d637c231fadb4f465246b97fd3684162467989b1c3c46eabb3595adb0350c6cf41921213620d0cff455b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
46KB

MD5
621714e5257f6d356c5926b13b8c2018

SHA1
95fbe9dcf1ae01e969d3178e2efd6df377f5f455

SHA256
b6c5da3bf2ae9801a3c1c61328d54f9d3889dcea4049851b4ed4a2ff9ba16800

SHA512
b39ea7c8b6bb14a5a86d121c9afc4e2fc1b46a8f8c8a8ddacfa53996c0c94f39d436479d923bf3da45f04431d93d8b0908c50d586181326f68e7675c530218ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
f0dd162b56f0e6766553c308be621734

SHA1
250c5077385ac77807206a6531e8ff494ebb278a

SHA256
da215dcbf480b388d0512cbc351753ec6c6c61925716c57d7bb19c29b51055a4

SHA512
3e0e3445a80f454b0dc403ba4c44744252afed1394e590fae604c073abdccd0c09380f7497181897070ebc0f9dcb7c02c823f963535616a960d17e20c4eaef22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
57KB

MD5
547f0291facde55d35d4a5a04f937725

SHA1
53a58f2264dcbf1a3d605f633d4406711c7a4e4d

SHA256
8cf1811297c915b32c21144c232e3f2bfe5b944e8e518c344d4648663355d5a2

SHA512
f0346a06424313b782c4f322b806779733400e06af5e7d06770f626e50997c4adc6fe46eda90355433fc1894d3a07b7aa6cae26e84211380fd4942e4d437228a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
298KB

MD5
822cb869429566b5e36189cd67c4c87e

SHA1
73b87dc9caa7795d1f229af0f88ca01163d6942e

SHA256
2c711f51a21b8abba9c93dd7938b28560d36548bbba0adb800d4660d1a139fb8

SHA512
8d0232e29b115d91ab903c2a69518fb95a23579349f8b5a9ac1cbb861bdf01880aed3ed79638d7787c82ae1b11dc505c39bc8e89f7293e8e865a05549ce25500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
96KB

MD5
4d5a9375d343399b23ee119bd6bbb732

SHA1
9baf247f21e411715cbd9487afb85c0361b10bc5

SHA256
7fb8902744d71683b58f4a2414605805a13cb505e83e84affbb6f69262a1c2af

SHA512
3a3809e94b1a294ce95bb771775f454668d850c28598c2662fecb0d1a3967dbabbde8b75049af367ad3e4b5cb938061a810faa544820c98acfdf101a0d821e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
155KB

MD5
6c2e5e61b3660ca72e9df3c181c6b45b

SHA1
c2e2c48270ccac02d5200cec24a548a48ebd112b

SHA256
8db66f729cb1349ab341f3e91978f738d814c676a9ad07c585a19abc558d783b

SHA512
ab6be471084aa9fde8eace9f0e7b0bff809f9fb1c9fe212304ac818c36c407d1425c63f8caf4990d8be64f7eac7532cc45963c6288773deeb7b6eaf7c818710d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
73KB

MD5
a3c02e6e5a47c7adca72345c0280a151

SHA1
3cfa82354f9c6c303167d31dac4a77d9eb12d9e7

SHA256
7a64c587b3dd1437346bfc174c31650ca133f875a4b956525838be2eb4e1f8a3

SHA512
32b149fe20a45788e5cad97c2b50dbb13ce9632668983ccfe1b1fd4f9cac8ec0f249b51007df6260031c45c5351ae2248ca37783220f75444bff23477bad9c8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
34KB

MD5
4641a8c19668b916f10e36f16794c189

SHA1
cdf0959730c7c2d2386cd475dad6158957cc9191

SHA256
eeafc0476ea90536416c060946b3816672a664544c114a38cc38aac8c3d9d673

SHA512
06c38a8bbd166639031c4a67637273e2942e562509e765809d93dbeb450e2ea12fcd55e73aa72ef77ba2cb1f4078862f4e6513e3add2d644a37977c01a713aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
223KB

MD5
8ba1d4e4dca1c9df9b515d3362ccd37f

SHA1
ff7338dd8435f85111284745d532c7a451f9cd01

SHA256
ead3b42c06d51d6fdd15d22b30fe49be9a86690618f4e9f0bfe85a50a4c92930

SHA512
40ddfab6d614bc91af2a66125123597a4a3e46ff50b9d0d47af5ff2c3fcd2e7b5d4045c2c2585166762be0ee88fc20153b3d8d6ce701d4c86c886369016ff2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03ef970d17c2cc97_0

Filesize
2KB

MD5
d4c0ec1eed6df80e4696b0000260784a

SHA1
12441b0f46411e9c329de4f45fe09c02d92627f1

SHA256
1ac7930361855a7a4eb3f3077afde739e43855a14d4f7fa9d7f6e5f80e510119

SHA512
e213a025560dca9b739434a4f0aca97ecc62b32ffbee1ca14aa6be47c800e3fd278b5e67e2a925c90120941115c8f40cf0c8173ba9a3a837b690cb1e08a6f516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16df31a91c7068c0_0

Filesize
142KB

MD5
207db186f89bde64f8de00414bfad37d

SHA1
59e2be56349b4efb303f6893ab74b3a3cf5c7cc8

SHA256
ec29ae3a56db27d5153f73939baa8229fcb9b368b2419eb43f1f3b959fe804e8

SHA512
cb1f3dcc2695f1657b0835ef17b080a3e24974b4e2e499ee4993b3a1d68334bd9c469248791e42758c3991ff7a7ebbc7538dd4c8a640ebbdabe95ccd36adc148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57e14fe941af17de_0

Filesize
725KB

MD5
50b18dc8cea76db8736716274fd611dc

SHA1
759712f246394044de81d8cc3e2ed663d2f6c50f

SHA256
c00d946e7cda01f1c41838fff5f882ad86febfc3f2a28293cd219d9c8b19fa00

SHA512
203026fd7e4a158b7583c79f8b3f0357ccf8c15d248057d4206a949335ee3eba2767f76964a90f716297311dac5b155d5e3900b142fdb7d1b91dc5e1bc677009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\acfbfa76a1eec4fe_0

Filesize
416B

MD5
7e4d7cd5ff566647be72b1d77297c190

SHA1
865c1b1ec6bfcef1c299e9bae4f1b9a0d773a5f1

SHA256
cabccf891a68684c1b88e0e647c147f952d06bcd1243b646f14bde07c3b641d9

SHA512
e7aa2feb6023fec6558d318b67c0da190ea1499c6a6999144ea71dba5c8bbeff9fc9c3874b862f77b896faff684f2fb80358c60caadf0c757cb5da74ed411900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b277f5bdfcbba980_0

Filesize
227KB

MD5
180af25e24d0df9cf678207841653edb

SHA1
5472155fbfa55950b30b4a1f03484c6fed7e93b8

SHA256
038835f0eb58dc33ed5118285f2bca5f31678f609bba529a6964d69786d024b9

SHA512
3025ec570e43486131cf77c32c038a362462785fb38a39ebf10ff41396858e9405d20c72bb5c51ba7e70e9d1548c0deafcc3156eab825a55a65161fe0f72bbd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca41562ab0b38070_0

Filesize
1.3MB

MD5
de77fd176d554d5ff8f3c40dda3f64c0

SHA1
bf1b4668e146cd794955914090fca3293413fe85

SHA256
5c15eb474fdef8cf839ddf1e93ae54e1b17bff1a6e9c7078f7a44b4458992d96

SHA512
217e637e87eeaa294330310effb901a711c21aa47bc7b49b3b3074d2ae3b3e5b7c6f4db5eba024b372774d3938eb49d77f79c5e79e0b62de38cc487230795a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e2b26c661e93a55b_0

Filesize
394B

MD5
af1aeb0270c9d92085cbe62684d1a971

SHA1
9e49368ae4503ea9a4eb7be92d305cd580a3483e

SHA256
b30c0504ed4dd8fb1752ce59ddae9e1f00ae79efbf4ea9f071d419fb7e4a05b8

SHA512
154c1599be9dac04ec23b8a117bbffe9f6ecbe0c1eeb91e52ccaba4eed9c466c3a5d0f770e1a8a0f5c6999a3a86c419ddf08f071f83cd7f29497f05b962b01a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f49e27e391733e3d_0

Filesize
3KB

MD5
3cafb26761d763a68d7d4a178ffb5686

SHA1
7be885c68c4c5d0e914e4102e8be5727f279bdfd

SHA256
a307964d3bd1f5d803725a3199fc0bb6ad3894b633aefc719bd89a77b1853c11

SHA512
6a9ad6e7f310f0de84f54d1cfb21783fcc96cb6bf90f6d223623b639839310a7bbea722eb95db75f921a5fdaea16edd9bdc782ff1297350a491f87be677717cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f70b1d98c9a3ecbc_0

Filesize
4KB

MD5
e66932b91712b45bcc17c3148d3cd697

SHA1
aeaa6f124685857bd91c2a89d1cd62671cfddb76

SHA256
13565910ac9c7d46a8d8c746693512b195ab7db23ce4dd1783db20d62874ac5f

SHA512
deb6bf34fafa20bbbd76066355c39e383af73aeff96463f579041b057746eb0ff86a31a485a80a9266478155b3308286d307c3b519ac93c9e1085bb43997871c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fa43af1750c631c8_0

Filesize
2KB

MD5
fc36af0c2ae3dd7ae0ed4fb2bde3b385

SHA1
8f11fe8858168442a717bf2cafc7bd55581f7834

SHA256
549474d966d7124ff9b474bc3353a32687d156bbaee7569879979c474ad7fb7f

SHA512
09e06698761f229a2c98d90f97b0fa90ebd812ac037c16865f2553d1c6e81c92f6341c94f428feea1e505d2c78062f11f05586822cc5353f33cbf9fcf27dbaed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8df729095d8ad0b83c7970bc022cc15c

SHA1
e82e09768a38169992222e1aa868a63ebfa3c462

SHA256
d3907d22a510ba0a214727b1f68e7dea69dacddb46d45d086fa6fce1261c0d96

SHA512
e33235d1eee3eca70fe7b51c9995ee505f7dbf3bb9e84cc2e1737219474ae6651758bbdb1e0572e7def557c01b9550a560e36c43d02ab33b5c4a1dd8cb4aba3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
282636600287d66738ad03e1e8ec6fc5

SHA1
69fd3700c09ce5b99bb85076d2da4d407658574a

SHA256
c71a8cdce6737a67f7d71c9aa226416b9d0e08d774d9b2c0098b82a23fd8c9d8

SHA512
bca67fc00d3b9440a2bf02a6210c6e78bd3f7441ab6427d4379a4761f468f31cc1c7738fd9b81d3fab773e6e1ff40a2b170655b2afdee29669899d36c4b04e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
16b7f3e9b6d58b691c1110e90d913391

SHA1
108e0b88db8b297f6970a2e7217d3c9ab4ccb1ac

SHA256
5fa45caaa3f6ee1f50e7442190dce7a14a21d4ce9f53568d1492e39bb5f1aa26

SHA512
08ca80454418e21c1f503dcd08e05530bb86a30923a2c719c5a6c59bda18e8df38780c545a59f1f4291ed639941f01c777888cf13adc4a6ee16f5ffc12cb1269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ebf06911229404773999188c11cb9d48

SHA1
828132813b39010a23d44a3dea6e5593fb140c44

SHA256
5423b0867d1271f5fa4c1f91ce5f197b762e087062b140a156b09d5fb2bf2612

SHA512
7108501c07eb81da893c31bdfc57fa0d5307a1d82b2cbfdf22e00973432a76bca798f90bcf521d15270ef294eee1ac580f13315b13e213ed90fa82e91df15ae4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5a66eb7d2df5d6e5d33e3ddc2872a285

SHA1
fb4562b6f8c15605148ceff6e3077ecdc20c774d

SHA256
b8fcb26b3325d9cc0165dc0455fef475afdef69fd6419da31d19268e0c40cf80

SHA512
7c68f5a2ed21c3ac26bca8d37e30277aa14d56ac803664909622925aa31dbb749007b8fa7de6c31dcd74b3cbe8b8c918e778a9687dd40e5b6a2bec87d7e59212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5b55d5a909067ed2dfb74d31a65cde30

SHA1
55ca9472dd21340465b3974af193e2545c81947c

SHA256
d4faf16c78f84de7feda781bde3bd4e7d8ec1c452325ee77dc0efd7253fe2244

SHA512
4fd57ee5d21b7c272112e273cd81a770ae59a18dded450ed4f3eeb5bd9572bcdc45a1da4430bdcb29d4422a664bfcc2769e55fa8052fbf2aa59f331279585db4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bd42308a0ce618ed1147be14e15fa85

SHA1
cf629c4370df01f9e5892ae9cecbec611323d825

SHA256
27852b2fea7180a52a512f44bf95f6e2455f3ee81d13d2f3f75d44151062c0e9

SHA512
b93cf11656504c8ba4c658e2bc3b9d21cbcec5f84853bddcfdbc5b6aab5c3c443093ae3d4e21ab2b7b6dd16ffc1ca3be0cdcb2fb80ae0b683ce7f4492be9fccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
52bd19b7a1d64f937848a4c348c258d3

SHA1
1f99c04a2ea344e236fc37f474203114883e5a98

SHA256
5e1295eb511536498654a12a7b173c6470795e768e8330af6d4d735c46e39b03

SHA512
a18d659f1ec3b070efc91c5c43d16a9522e1335ccf66ed507f1451122886c280350767d09c3645f8e3078b96d23fcef7fd85d1223b995d114afcd052d3232063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9ec00728034c2690b681e4959f3255d5

SHA1
c1bc220f43fc79b6fd976b7d7c373c278b2673ef

SHA256
53e52cfc7ba5bd0a6656c5ff1023fdcf8eb37f61e05e35d3dbabfb585ce4a432

SHA512
713607dccb3d8120f2a011986306a7be5467d7b0a91c3484b6500803901757c82e5cf52ac3e1a1fb606c3482cee67bd221b9e3e4f65d283534776055975a88ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
144292c4b1eb0e702cdf53db074ebd68

SHA1
2419ad2232d032d7dc7b95c57490981786d97b9e

SHA256
522b851a826f34d9daabd3ce86e7a06163d7cccffc882de6e3d2e4ae7c5673db

SHA512
236ca97482c652f5730cb83d1bbcd44a96530ea5376ecfd82135b2fcd6d9254e616b558bf1c997325d60d51560896850c6e6c2695798c98511d537bfb5f8aed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5ef9c49204553d9383e31866c669a9e1

SHA1
32e9f85282b700914ea1039fb7de64fb31522119

SHA256
d73a06099d8e72eeaeb6963f7aacfaf69f539171422ce0f0dec3daeb586da5ad

SHA512
4ec2b8de29272f6666ca38f0fd57089e06f673366c26bbb37b1b944d187bb8e82b0acf2ae5f52bee0dedcbda93d555f9ccd637810793983d6219c41f3ecc8173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4d683cff27075bce678bda404a6940d

SHA1
3194cd24cd8e68e66e39dcb7009e4c49dad2e92a

SHA256
75ee050eb28673d20c480baccb9bc5542048d086e5799faf80f7f3569d0c7078

SHA512
e5becb7540b47cef142484549095f38cab6374fc37279123ac71ef6e91d559f8ddf01bf9c5c8f1c7e5f3a648c300adfdc6cf8338f2721f7e433d30f5cea7d01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b500a32795590b7a817386983a289286

SHA1
566fa10f1dd968cca35387d79f7906bb9e1bf1d4

SHA256
d442e8fde5d43338f5c3a939d28166697950fd7b7f4950b40232168c97059edd

SHA512
9a1753709dcba11f3328fe2e19cebc4e006be0fdf63435309740ccdd08b2a45b01cc324d06a94a0bf153523d27a845810cadc5b531ef4079af86bc1f114d2a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
301f95ec954f325a6d0d6f99e3d1b125

SHA1
a68e1ffaef14bbfa6f1bb264e37b1a4c50645325

SHA256
d77a34705571163b7e15fb013cf9c1547a7424eaa71a4b2e7ad1e1b9f206c875

SHA512
4297add65359a6e10a317ace53dd4fcd279dbd14b39d48c4ecf82f149ee35d2fa21078ad1f9ab176c3936afd0c603d3a73a1b65730d0c69e2d50e579032b7fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
460aee6d4fc1cbbc11a2035120f5ccc9

SHA1
b3842bde4bb30bac3720368ec5db58eaf411e469

SHA256
daf36f57ebb4cb830016e244c018d63c4ce1738d9954a7309fd500fa2fddf10a

SHA512
3fcf9855d4d9b81d4738d78d9f2c420a5211c22280611f73c102d20eb9b9bf0042dbabec12c54e5ace5a8fa3d1e5caafa10fdad12a71bd46af80326de8a64e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9f5e74defa8f4b2f4ad17bffb817637e

SHA1
257afdcf731bb2fb9ebc1527cccac2474e5dc809

SHA256
c5035ac3aa58a0bbedba98224f97372597f4a1d6911d286dba4f1ec9d774639b

SHA512
192118902db7fabb57000d8c52efef215d761858e3e1e12161b4b9c738ca762a69ba6a09296ecbbae4bea43798b5dc7e8f4746416919c93ac5c1dac71fd45667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6714949a70f05c7f26bbd369f73945a0

SHA1
096c3b0b622b513fe3f4c77dddf4905f83ce73ca

SHA256
c01596067be1b3f07388fff122b1a3d22b3814bda9f8aaa5de300d6857046dea

SHA512
fb80293c2764aec1fb1176dcecc1e12987ce676d18489163c9b057a90d89e25b7930f0b22f16e82278dc9818e58abc7a988e4a32a89a6dfe59afe50bded9ffdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ef89e36344ef281fb3a17b1a1881fe9

SHA1
a8a8fd8fb238811273d0a81d548b190068e081e2

SHA256
8c867ee32345d5e056d8f3cc4e62f366185aa138e6705d272cb6993502537b82

SHA512
ec0006a24c13fe467da2607b4c41de80895928434e6ea39e4d3f20ad43946f5c98403999479a662d6dcc1b1f056d6acfd1ba280e97f0463377b52b103b4f366c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8e8bdb2a16c7191c7a9acd200cb540b7

SHA1
c47ea008128291590b6490546a53834eea00292e

SHA256
3e0eacab488256716e9c4985cc4e89dfe0310354cbd3e182b0c62e520b2c994d

SHA512
c1ffea0d3c04719f38358cf6e3a3eb66c5072acdcfff28cf184c8e120f16ff07c78db0f8e7d8abe5c75a2acb58e7f66c9256904b605e46040b8dc0c71bc4e557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7cc31b3d0356985ce17182e168a0d6be

SHA1
4237c1f7db42a81031ecdfe565798574f494b382

SHA256
60dae76a143c6289cf0fb8117b97457548da84a33994f9bff79128b0e76b6c06

SHA512
528343b3ff6c797e884ac32e6408447a1313487dc3620d77a9003197400fb506328590989cc09b6917105fb9ccb3b81745de366a0484ff61adbd2da51740b697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ce28c09218d7e7b28eacde499edbe91

SHA1
a258ccb9a82f063adcc2171c24810d7885ded480

SHA256
fb32638a9b793024c69217a4e647e0c243d31795aea1ddb4b760425d477df0af

SHA512
55ddad3ea39a3562410890608b6ba098705fa054bf171bc3fc4bc750a0930f34e5febfff97051726388fbe3dfae9a07cbfc0f1bd408ecd8810902e8a8c3e41e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd6e1b4dffe681acc53b2b2a73cf4edb

SHA1
18adace35513531585bbf87fe5c0cf1d2a10ef0c

SHA256
792424154078a8de967510424abc3ae632984887800ddeca41aab16c4a780630

SHA512
dd8d578d6196bb9d4be0870ca9654d7a7a0aa8a300d88d4f6d85f6b7ce1719dc97b059aa5239208e3b4abe32d794162adac6edfac6005454782153688be09fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff63bb99f8861eeb9f7e8f58c76e6829

SHA1
00b9feb23067a38f9e71e2e69bb5bd9a4e29438d

SHA256
e881ca974f481b65c0dbf890f80ccb376f7204215edfd4ec1b56312150041818

SHA512
ce330599ec5a7f2081925516573818a7ee4b6bbac01d6f89926f21974fa178e4d8dca6af955f9be87b229358ca709f4527237d9fe680ddaebf0d136af515f848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f36581559de2784e744cd117937019c8

SHA1
1d1a0b5c2ad1bcbc540bc5215e8e2da43573c2fe

SHA256
183aeaae545d53d840ab8ef8a4f1ff702a3e40a51cfad35ba73591e2a5d485d7

SHA512
675321e856cc62c5e4bd6ec66ae3e6ff265900bec146fb7f6962cf899e7255a783ad867c172532bd21c23c94f7a851a3914fd5041fff6e9fdf05ada819481fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7079e58d976a87f6f6abde134b343d87

SHA1
ecb66c9c9f4188d04e90c53229b0196fd4a8072e

SHA256
16924fad2204c0bb672f0d906be09d8ef306d20425b98e023c5a347e89660304

SHA512
d7289cc939f29ad9a46047608d956d310b0a65d0f4df898b0edfb888ce0fa895e53c954f4ddd214a176f7bb602768c8a58d4254009ae6125153477c638cdfb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
30df0f92567aed2db288f3113d00b5cf

SHA1
b7c2e4f3474f460859e84b152f7f6d7b37850126

SHA256
fbabed1b14f5bf951c551581b63c894acf59d0656916cdb256b6374a9a57a9cc

SHA512
5b6c082b488a0ae5c6e079bb72dc19203a959dad636b784246daecdfeed31e7cf9de5fd368fbdee1c062c71dc4cdffaeedf0d33f08b4d8b9032addcdb1861bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6899d1abd48a7c99499d5aa2b68a840e

SHA1
1de73dcaebbd6c0bfc18e934213bff4cfe142a07

SHA256
f0da6c46c72645f6e57d13672fbae10cd3552f8244809817660f83077d7c5a8b

SHA512
080ef31dcf4fb8da77c8be8e90f7f59dc47feaeca342b5a11e9732638d5c51634e9a56b35c0994eb34e13f8e62744824e432cc725f1bbd40a35880f563827b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b3e97a3c4f7d28790b5bb4c4302ad437

SHA1
20b8885afdbbb154b7f75111fa2cf6e10e10a07e

SHA256
2e35eb03c3c4ee79fb2ee8fb1a8634af3846303c482661d738172b7301e8faf2

SHA512
7d91dd2adac1a31199b7822ce0d991cdfed683de418ec56af4581e376d233ba165db0bbfdb9a23f200b7e8e80fc69029c824c5a3ee704146204ea39d98cedd1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5790b87649089ff3e7d50d40879b34f

SHA1
bc343d70b506990295aee694f8665d95da29eab2

SHA256
b62a25e7140992d36747a58c1559fd84fd530a1f2fa99cd75ddd4cc7b1b2c878

SHA512
ea0b8c1176e8439f71ec0307bff802d151e219c0d5faade05de02696a8cc64a3e148b9b5595aa2ea2e29fbaa3cee6621ef53e4bdcf8297df5b31e783d0a57793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cba7ca75fa76cd3e68cb3c20afb124a2

SHA1
8434dfa5874867b31e50feef540e8249549df4be

SHA256
24eee43d7a0fc514f00af6213378f56936d3d9a3e6d1847ad640ca4c4cd411cb

SHA512
b9e8dee86f691b64bdd755313f29ccebcdf9e330a00fd805a5b90bfc1d9805693483e535c42cf370d483b0b18b832ac94ade5de58308509bfc3e0741397d467e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
524e25b34dbe3fa37d935b84531faac5

SHA1
8c53c9951fb13ae991b84b30a08dcf7414700fbd

SHA256
d6c2c8643f1ece544d8f50065936ba108a3f07d416940cdeed647f9610c7654a

SHA512
b27f3203ce588d2453229aa48b37b7e05e841954733dd7bcdf560e8a939e9bac55f1f45012530e3495888667c9bde49648baff1ce7b16b28d334adbd352bdf16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1abe7525724f9dc1715294ba14e14d04

SHA1
7923f821f3ed13e19d261f5f5e43b94af3bd641d

SHA256
174dffb5033eca87d7943d31b848da89338577cb0c3c2269896d5768ebef02a8

SHA512
71cdac6f32d5da1d114f38dca619b4f4ec6570548044c2dfa2eb7c5916ee6cb1a2871a034f36af23e633c02a7a0233e50697898ee4de059659e608bb0e0a4684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f627f3d067184b321f24474c59d155d

SHA1
0c3814136ae577b6a41d20d84650c49f4624ea3d

SHA256
3a1387c7caea164f213f77b64d579325c317931c2757b39b611c8ad1a16323af

SHA512
d2f62e95c4c81ffe91dd8babb6f80fc72b0180dd97cb2a4a0df1d0832000d2d3fc28b03e092940807a9a502996b27037df7b0534a70e8c7dd0586bcc28d1dc32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81b6af6737ed72d4eb8af1c36b33f70b

SHA1
25c288a4da03bf194d9ceecf66a83def08d55bb4

SHA256
e8004f13fd6955d296d74999ac32f0da6942731fc127c8b3ceaef7336cfed9c1

SHA512
5210db040dbb6d3dbcb54531d9c7e764ab983082d3979c199495d7f9a5ea74bcbf7f1353be11eac37f19b54dcf569906ba9c986e67e6246d4fe455edcf36c19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5927f8d29f181a452b9297968e90d6c9

SHA1
c9f13ede8cef1df572a7c11e94b215fd4d83adfc

SHA256
9b7b2ad0a4ec86f955a319703ffd2b86ad6a6fa1170ca26fc3a7c959ba1aaeb0

SHA512
eae4d76dccc787df5cbc3bb3b639600e3d1a97e33422fad4e289c0c0368a98d27478981d703c7cff0f880ce2d87fc4fcf4cff80a102880fcef65270797b6df68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3d315e715b20c57a468648e347b37bf7

SHA1
7fd5904fde2f17b280a1a208168ae43fe46454e9

SHA256
917e186fcd1919567d30fe5745a122b0790adff082284854685f52e52f5f7fd6

SHA512
88015f6ab021742102abb43c01994d6aaf967154d661ae8fcaccea678a4a253d576ae1073dec5b64a7efca35fe03c56cb3ed5c09a7380c9d0fec7326ca255c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08d74e353829e8d67be2adfb81c78717

SHA1
93658ca517448ef08bc0b47693cc14b266355745

SHA256
35d562ef055973103a35fdc228718c8adc5640ade3ebc6f75878ecb83de18420

SHA512
cd104ab914c419eff7c2ce74e08fcd2ff918208efc8de36acfc3f81b69b470cd25dd449152fd95dd0e6904205fdea8c3d84c604a28690759745c8d4e8937ca65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
942cdbc0927474c8ff6e15dc0f6f2693

SHA1
bf2f098b30c3dc10dcb02113d1c6fecd66dbbd8c

SHA256
44926d44708aee17ba891ea1fc968c502465ac495da7226b282438fcda08ac99

SHA512
5130414daad8addb7a48d8aef159ce53f7b2a0a5994827746144ea60d2f62b2a3040159607bde2647211c5559a196730c5103c724562eb6f926bf5bb6d9031fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578983.TMP

Filesize
873B

MD5
fc94ad3e1151d8f956d99aa650796054

SHA1
caa6ff1857248bcc9b5a684bc9afb18e7d3284a3

SHA256
cff523d0ecdf7465eda75adeee9627e046212ac2addc6f648cb5fecc71c8776a

SHA512
936324071bb437aa500a3de2ed5d884192800eb0e61b7e14e0fec1ccd920b20cf98f6ae773d8310ea5fe54d89dd0c77357752426248ed70c59430bdbde45339e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
cbd674059996f73b7e5fb6290681a1bc

SHA1
ef6e9f566a046d9b4f7c80cce462fc5726cbf4ba

SHA256
7309eb412513732e8611db667f8359b4ad0a725c8da4e32d12e7cd4e785d5cb8

SHA512
ff68befe5cec84845ae85f5f5cb31ff480b28a83ecf3e51b3c4267f8a9231554a880edc380d4e619ae8e369a6e71474934570faa0299796a759045abbd2706f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec2bb6f932e53aab50df46dd305c9ffa

SHA1
7362f13d9a379d92787b6ebf1b4f63631ef72e7b

SHA256
cd23b1576ac5d647a0cc65c11e3a2419a4c3d47808794cb91a56d6ec11b7e146

SHA512
deca79a4c103b42d217880f6cbd6f488b35035afd2b36d46ebea6fff180496dccc2ea69b19c5bf0c1fdb0b4e84243258acc1327db5097f72a723ebccee342940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
493832690b0c481103ad05aabf81e5a0

SHA1
31f0d4fd44752fb95463684eef01643f5fb5b5f8

SHA256
9ed1fa93c6cf70cf636c4d2394c48b316bdef014f30a8f838f45762c83b3e49c

SHA512
d325a578b9f61f916f96392b464d9848dbbb8b96a501aad320c6bfc10b6a60366c620c2800396b449f0b2c8aff2b73f7ff7b0de54544e2055e5024e2c924dfb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d87459c9-e713-4f5d-8071-65fa5e28cf6b.tmp

Filesize
11KB

MD5
ef01def547dde0aace5ab9b466522e8a

SHA1
4a8851aebaeedddc06454847eef6a672854f891a

SHA256
c4c1cea764ab04f3e4f31d2f5d481f84cbff58afb703d253f10a4506a66b8d2f

SHA512
449c434630f920e96781d372928e786d7a261bc72d524ca825d65bd6d87836483fdd7afd802dfdc2e540f5204dd3fed7712501f9f2b5891618c38577ea3c6cd1

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
1KB

MD5
8dd42197310b598d7399ed78237b2620

SHA1
378f0957938c15a9695b658754908a206ed07851

SHA256
274bc4db67e3297485e690f453dfafd2b2c0cb345278d93309b3a5ef80060449

SHA512
ba0a545e8961c125f6f2d29a5745cc3d33ea02a113115674bb954788b5008ff9b78c4e784c9fdfe4a554ce2bf1d9eac74eea9c0ee180b7771e6b7ce6644fe306

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
3KB

MD5
7b98c26363bce05fb108d7f24e282849

SHA1
e4c77ab1fcb9296d7efed35d43a6ef594a9e95a1

SHA256
de02a1ccfde77890b88e7eb219208137790484103253d7e3270bd7b207a58739

SHA512
ca63b00014f3890c021cb0cb807f9433865df19b8c9c12921e6597c37b2b8d9972243ca2a7d6498a7f009e640fe356c9b4d2741874a4d2899b8d4a20b7414d60

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
4KB

MD5
15a75a74f1d3cd3181074fdf4a8b7f14

SHA1
8d0e2af502a009b911e6f4fe124e6a52a37ee1f3

SHA256
a7abb15ade838a4fef8beb4afbb7f6cb2a2de3270aca5b19ae7d91d95154cdc3

SHA512
af8b96a9c73f768b3a9ea85a71f0a01c3d2bef3726da52afece9ce531a77c59c2f9407ed5afd681610d7b6fe6d040aa107842d01e067dd8c484d01658d0f9903

Download Submit
memory/2324-178-0x00007FFBFA9E0000-0x00007FFBFAA47000-memory.dmp

Filesize
412KB

Download
memory/2324-177-0x00007FFBF3300000-0x00007FFBF43B0000-memory.dmp

Filesize
16.7MB

Download
memory/2324-171-0x00007FFC04350000-0x00007FFC04368000-memory.dmp

Filesize
96KB

Download
memory/2324-168-0x00007FF7EA020000-0x00007FF7EA118000-memory.dmp

Filesize
992KB

Download
memory/2324-170-0x00007FFBF43B0000-0x00007FFBF4666000-memory.dmp

Filesize
2.7MB

Download
memory/2324-176-0x00007FFC03C50000-0x00007FFC03C61000-memory.dmp

Filesize
68KB

Download
memory/2324-175-0x00007FFC03C70000-0x00007FFC03C8D000-memory.dmp

Filesize
116KB

Download
memory/2324-174-0x00007FFC03C90000-0x00007FFC03CA7000-memory.dmp

Filesize
92KB

Download
memory/2324-173-0x00007FFC03E40000-0x00007FFC03E51000-memory.dmp

Filesize
68KB

Download
memory/2324-172-0x00007FFC04200000-0x00007FFC04217000-memory.dmp

Filesize
92KB

Download
memory/2324-169-0x00007FFC043E0000-0x00007FFC04414000-memory.dmp

Filesize
208KB

Download
memory/4960-167-0x00007FFBFA9E0000-0x00007FFBFAA47000-memory.dmp

Filesize
412KB

Download
memory/4960-159-0x00007FFBF43B0000-0x00007FFBF4666000-memory.dmp

Filesize
2.7MB

Download
memory/4960-166-0x00007FFBF3300000-0x00007FFBF43B0000-memory.dmp

Filesize
16.7MB

Download
memory/4960-158-0x00007FFC043E0000-0x00007FFC04414000-memory.dmp

Filesize
208KB

Download
memory/4960-157-0x00007FF7EA020000-0x00007FF7EA118000-memory.dmp

Filesize
992KB

Download
memory/4960-160-0x00007FFC04350000-0x00007FFC04368000-memory.dmp

Filesize
96KB

Download
memory/4960-161-0x00007FFC04200000-0x00007FFC04217000-memory.dmp

Filesize
92KB

Download
memory/4960-162-0x00007FFC03E40000-0x00007FFC03E51000-memory.dmp

Filesize
68KB

Download
memory/4960-165-0x00007FFC03C50000-0x00007FFC03C61000-memory.dmp

Filesize
68KB

Download
memory/4960-163-0x00007FFC03C90000-0x00007FFC03CA7000-memory.dmp

Filesize
92KB

Download
memory/4960-164-0x00007FFC03C70000-0x00007FFC03C8D000-memory.dmp

Filesize
116KB

Download
memory/5244-699-0x00007FFC03E40000-0x00007FFC03E51000-memory.dmp

Filesize
68KB

Download
memory/5244-698-0x00007FFC04200000-0x00007FFC04217000-memory.dmp

Filesize
92KB

Download
memory/5244-697-0x00007FFC04350000-0x00007FFC04368000-memory.dmp

Filesize
96KB

Download
memory/5244-694-0x00007FF7EA020000-0x00007FF7EA118000-memory.dmp

Filesize
992KB

Download
memory/5244-704-0x00007FFBFA9E0000-0x00007FFBFAA47000-memory.dmp

Filesize
412KB

Download
memory/5244-702-0x00007FFC03C50000-0x00007FFC03C61000-memory.dmp

Filesize
68KB

Download
memory/5244-701-0x00007FFC03C70000-0x00007FFC03C8D000-memory.dmp

Filesize
116KB

Download
memory/5244-696-0x00007FFBF43B0000-0x00007FFBF4666000-memory.dmp

Filesize
2.7MB

Download
memory/5244-695-0x00007FFC043E0000-0x00007FFC04414000-memory.dmp

Filesize
208KB

Download
memory/5244-700-0x00007FFC03C90000-0x00007FFC03CA7000-memory.dmp

Filesize
92KB

Download
memory/6292-712-0x00007FFC03C70000-0x00007FFC03C8D000-memory.dmp

Filesize
116KB

Download
memory/6292-708-0x00007FFC04350000-0x00007FFC04368000-memory.dmp

Filesize
96KB

Download
memory/6292-705-0x00007FF7EA020000-0x00007FF7EA118000-memory.dmp

Filesize
992KB

Download
memory/6292-706-0x00007FFC043E0000-0x00007FFC04414000-memory.dmp

Filesize
208KB

Download
memory/6292-707-0x00007FFBF43B0000-0x00007FFBF4666000-memory.dmp

Filesize
2.7MB

Download
memory/6292-710-0x00007FFC03E40000-0x00007FFC03E51000-memory.dmp

Filesize
68KB

Download
memory/6292-713-0x00007FFC03C50000-0x00007FFC03C61000-memory.dmp

Filesize
68KB

Download
memory/6292-709-0x00007FFC04200000-0x00007FFC04217000-memory.dmp

Filesize
92KB

Download
memory/6292-711-0x00007FFC03C90000-0x00007FFC03CA7000-memory.dmp

Filesize
92KB

Download
memory/6292-715-0x00007FFBFA9E0000-0x00007FFBFAA47000-memory.dmp

Filesize
412KB

Download