mystic | dd599a6bab1a1dabfa1fca35b3aa571004102301666e21fec5316076b068ab55

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe
Size

878KB
MD5

430d4ddd9926c78ec33815c6a675c127
SHA1

9928ac37f6349c30fc35fd71404f9d61c9e534b7
SHA256

15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2
SHA512

f15900a68de711c481c5c6858817fce486dc78e6c4142ee67e5063e0b132c9ee0825186e74e9e745a1823351c2ab7032eaeed93ee425c29491871e83e8012c2e
SSDEEP

24576:gyb/PaeUIs8CtGEPYDVUBGE4evvuchgujj:nbKezhiGL5E4eng

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 3 IoCs

resource	yara_rule
behavioral1/memory/6532-183-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6532-192-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6532-190-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/6816-214-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

pid	Process
5920	gz4Yd53.exe
2648	10gS63DA.exe
6752	11Lb0025.exe
5260	12yn975.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	gz4Yd53.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000800000002341d-12.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 6752 set thread context of 6532	6752	11Lb0025.exe	136
PID 5260 set thread context of 6816	5260	12yn975.exe	140

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
2288	msedge.exe
2288	msedge.exe
2972	msedge.exe
2972	msedge.exe
1620	msedge.exe
1620	msedge.exe
3236	msedge.exe
3236	msedge.exe
3512	msedge.exe
3512	msedge.exe
6252	msedge.exe
6252	msedge.exe
7616	identity_helper.exe
7616	identity_helper.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
2648	10gS63DA.exe
2648	10gS63DA.exe
2648	10gS63DA.exe
2648	10gS63DA.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
2648	10gS63DA.exe
2648	10gS63DA.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2648	10gS63DA.exe
2648	10gS63DA.exe
2648	10gS63DA.exe
2648	10gS63DA.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
2648	10gS63DA.exe
2648	10gS63DA.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5728 wrote to memory of 5920	5728	15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe	84
PID 5728 wrote to memory of 5920	5728	15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe	84
PID 5728 wrote to memory of 5920	5728	15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe	84
PID 5920 wrote to memory of 2648	5920	gz4Yd53.exe	85
PID 5920 wrote to memory of 2648	5920	gz4Yd53.exe	85
PID 5920 wrote to memory of 2648	5920	gz4Yd53.exe	85
PID 2648 wrote to memory of 6128	2648	10gS63DA.exe	88
PID 2648 wrote to memory of 6128	2648	10gS63DA.exe	88
PID 2648 wrote to memory of 368	2648	10gS63DA.exe	90
PID 2648 wrote to memory of 368	2648	10gS63DA.exe	90
PID 2648 wrote to memory of 1620	2648	10gS63DA.exe	91
PID 2648 wrote to memory of 1620	2648	10gS63DA.exe	91
PID 368 wrote to memory of 4988	368	msedge.exe	92
PID 368 wrote to memory of 4988	368	msedge.exe	92
PID 6128 wrote to memory of 5660	6128	msedge.exe	93
PID 6128 wrote to memory of 5660	6128	msedge.exe	93
PID 1620 wrote to memory of 3860	1620	msedge.exe	94
PID 1620 wrote to memory of 3860	1620	msedge.exe	94
PID 2648 wrote to memory of 3188	2648	10gS63DA.exe	95
PID 2648 wrote to memory of 3188	2648	10gS63DA.exe	95
PID 3188 wrote to memory of 4652	3188	msedge.exe	96
PID 3188 wrote to memory of 4652	3188	msedge.exe	96
PID 2648 wrote to memory of 3428	2648	10gS63DA.exe	97
PID 2648 wrote to memory of 3428	2648	10gS63DA.exe	97
PID 3428 wrote to memory of 4092	3428	msedge.exe	98
PID 3428 wrote to memory of 4092	3428	msedge.exe	98
PID 2648 wrote to memory of 5580	2648	10gS63DA.exe	99
PID 2648 wrote to memory of 5580	2648	10gS63DA.exe	99
PID 5580 wrote to memory of 2852	5580	msedge.exe	100
PID 5580 wrote to memory of 2852	5580	msedge.exe	100
PID 2648 wrote to memory of 460	2648	10gS63DA.exe	101
PID 2648 wrote to memory of 460	2648	10gS63DA.exe	101
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102
PID 1620 wrote to memory of 5760	1620	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe
"C:\Users\Admin\AppData\Local\Temp\15dbe47ffc282036b5b74c9775a05b1985197b01705a5e5240936b02f6f8c2c2.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:5728
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gz4Yd53.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gz4Yd53.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:5920
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10gS63DA.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10gS63DA.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:6128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:5660
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9191404190856160986,17590386357103132136,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        5⤵
        
        PID:5520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9191404190856160986,17590386357103132136,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:4988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,10053892104308010105,514203956291616400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:4780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,10053892104308010105,514203956291616400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:3860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        5⤵
        
        PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
        5⤵
        
        PID:4944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        5⤵
        
        PID:1496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        5⤵
        
        PID:5700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
        5⤵
        
        PID:3804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
        5⤵
        
        PID:2080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
        5⤵
        
        PID:1128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
        5⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
        5⤵
        
        PID:6380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
        5⤵
        
        PID:6512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        5⤵
        
        PID:6696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
        5⤵
        
        PID:6888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
        5⤵
        
        PID:7104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2872 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
        5⤵
        
        PID:3372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
        5⤵
        
        PID:7064
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
        5⤵
        
        PID:7100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
        5⤵
        
        PID:3108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
        5⤵
        
        PID:6604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7616 /prefetch:8
        5⤵
        
        PID:7332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7616 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:7616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
        5⤵
        
        PID:7636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
        5⤵
        
        PID:7644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
        5⤵
        
        PID:7804
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
        5⤵
        
        PID:8048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7148 /prefetch:1
        5⤵
        
        PID:8056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
        5⤵
        
        PID:6560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6548 /prefetch:8
        5⤵
        
        PID:3336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
        5⤵
        
        PID:872
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3535648844940683671,16979512577315861225,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6260 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:4652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2976571789477216272,14026113290463690080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
        5⤵
        
        PID:3812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2976571789477216272,14026113290463690080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:4092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,16316329279087147317,12527418281654886369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:2852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,9989713209269907235,11208897348512879584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      PID:460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:3700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      PID:4312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:4220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      PID:6236
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:6320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:6520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa125846f8,0x7ffa12584708,0x7ffa12584718
        5⤵
        
        PID:6592
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Lb0025.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Lb0025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:6752
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:6532
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12yn975.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12yn975.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5260
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:6816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
34KB

MD5
64af5e859cd411f58ba7ade44f5a8c26

SHA1
c1ccd85a8209e2bbb58c662f1b621d2cdf7d3565

SHA256
7d3be672a50529d4ed208efdb7a90fa467eea5adca9bf877e18b167a4511cc24

SHA512
61ec83ff7512bd438f0c7112111af73b1a6eedd1dbf515dfd19c41dc46e58ea4b998f0faee85e7fc75bbc2d142bbf6b337e52e76aec01f4c6725e9d733765240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
223KB

MD5
253130eaad29f6b3a8d8e7815c0bd494

SHA1
a4f9c43a0a8bfdea2abb714a89628d9ab53911f1

SHA256
100b51f83c1ebf8717d0b03fbf1752724877a6c3828b30d24dbd649e1d70de23

SHA512
aec0c1d01c6d5c934091913bac199ec1bcfb87297a02237ebb71659dda8040f64217fc21d535efff9ef994085d74c12a7ee6e8ebf711a83f5afa61d765b257d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3d5c69a0e2883ce53f8defe198994f81

SHA1
c8a9a62072fdb2c577f785713a452ce95616e174

SHA256
e339926cfd20e1d52451521c04c6d55ccf71bd4a478df83e71c85e041232b7fd

SHA512
125993128ffdddb5ef458d293d8c3e66ea3d2d6274ea8ca11d7bd45e61fa586dc9bf405fb74729cd8c0232eb0ddac9f9be14865bf949069a2c743508cd432cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
23eb23fa7e4b4cb8ea48004b6e751454

SHA1
42563cf28bca090926566f9fbdeb85d079cfbc10

SHA256
3e0b97013da56777c017ef2a1946a1751bd47fd8bb690cfe0ee315dd20f8d533

SHA512
491acd523ea4abaedc9b0b11a483841aead731e55300715517a6ef0f95bb9f52bec9d18b53800d2243284b73636beda104c9a7b721d2f1166abbfe2fb945fceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9b6ce1e3d64a5d5659d5f217cfcb9ae9

SHA1
86696416b867cb79dfbc53afa2bcb27718b70d33

SHA256
2646eb14e9dd35df8aa2613ee747c3757fdbd9470972d110c069b1a15a13163f

SHA512
55fbde16f3dfd7dfae9acbfe49505e6a66dd5c9d578829375949c3d3f7f606bb4e11bb7489f2d5caa9e6bc2a12ce0f38fa0fe9f132d5e4fd2121c39cfa52c8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51cc9bb1b22b444cfb66f67716de2d59

SHA1
6f9320004126ab725473e8695a03eaa2fb02626f

SHA256
a0573eb28533f4989f75ea6309cc16eca660f79ddc4e3faa8c4fea5986644538

SHA512
f42fb9d432a8580f0c65b07d6aa1934009702f4f5109c3b021ec1d939941e6f45c4d3a165e813f8790943f9f0e497fce7ae67660e7d1c49458a66373fd2250ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4c26b81130ba1c562af75175a96ad792

SHA1
19f7f42532f99b342f33c478ae03c8ce819a47ce

SHA256
9b54c2a7bea9498e68525db2620f2a1f9a68788470e7c839cd46e1cb19c0d0ee

SHA512
12f0fd36b3312421f243b0130d34f61bbcc13c83c0cd526c87e29ad8189ca0c3572727eacfff925847c45250e2feae6b25b1aec1cb93cad8cf9acd232af24ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0ad400e8910ed883a5f86fc292384ed4

SHA1
46bdd47aa7fcee9a53e783d03b970135b85dd860

SHA256
a613445f6c0a39548a9c81077151774c01fdd727bb58ae5112e89e26c532cc40

SHA512
ee8ffbb8c6ff91d72ca006c89e6ad16e4f38ef32d18bfdc9acb8455b893d636b931606f5d26cda68ef5018f278a1ff3165fad61fc45cc06455cb81fd510a49ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
cd4c4431d5fb43638c255ae9e1e9a4f5

SHA1
cca5da0f1c67d115f88d0913354be2554219db30

SHA256
3b7655d12b8093cea968bde9e6a21a4d055074d6a8634b1858ba84c5f584ba96

SHA512
053aae6bfb630ec9abe4ca2ea1f7667d62c00bb40fb8fe0323582240df60d0e2a0215e476483e23323cddd4cadc4a9d73cb3ce7c353bc919980f13fa9d8b82eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f35b45bfb847c2ef0b36d984673e69ba

SHA1
ad24acb17e1d223e55b05b5d63cee0cc1840653e

SHA256
c51ba2bb13fcff24ae6104b89e259afe7c041cc54d284df48dcaf965c546b94b

SHA512
0f3597afd270ede5a466dcabaf541592067a933c3c6630c649a1d041e36d95e0e13bd3b74d96926952f9f693770385593834186ff89e2a29f57f9f4e6f7468fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
f7ffc3bcbca90318e2f41083953cbdf8

SHA1
44dde9537dcc0671ed3f9a649bb977597968dd7a

SHA256
4921bf10d0cdf36f77d3d351dbcf5b90814e0a9af43be572fa05d2653098ecb9

SHA512
87fd78c2a05f50fa741d21cc6aa7da51cae72a1a5cee7c47e5a79b895dc053d471326e8856e06a96a8cdb31f506855074c37ca48d8c11995ccbe618fe7f624af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dd0077bff084b626ab13d2916579e17c

SHA1
3ff5e933f1b53cfcc9976638369b3e2dc5a3c827

SHA256
a37623fd9c4c510c9f6b0c919e8295254ab911701aa49b9ce8cffe90ea49061c

SHA512
17d5a067e96951a6a2301e3b3e135c442b2953ac8b5feb7317e3890010b73ec02d0c25837636e5501320b6dd4fb04a346e676c69af464e755ee43977c06db182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ffdc.TMP

Filesize
48B

MD5
949d5c3cabc541a7c34bd4ff61100412

SHA1
b6aa14c6bca342d6ba9a1a73c6365a4980db9419

SHA256
c15adabd9fa12a6df164ed65c427a6ad5e4af9bb0f9d0d5118f7f8f34828505a

SHA512
9157f709fe2bb6eda58d6e092b141b88b9cede132f84eadaa75ba31eade17850c2c611cdeaade27b786fd37516ac9661b70e7feedf2cba2cc9c90ef001f1c446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bb12fa5bca381071ab268683ca3829cc

SHA1
d2463c5d99e05c2c0fe4453e47672594088d8d52

SHA256
2d54b066c6138bd06d006d705578cb7f8dd2e6a32f5173d95d70cedf96eaf98c

SHA512
c10feb7679c728a59a795bf391aaaae6fc25a6c77ca5fe4e9e6bc5e080ededb6d8c31a7fb29a75fa30da1879cec633d3e37e1cd70d9ff077e38b847ee751e9a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
abaed33201e1849a3a3aecff4c9d312a

SHA1
62dbf704a944dcdc526c0571cd44838b7fe4b760

SHA256
07f862e4823d211e791f69766e6799137fb89b0f9fb9258157aa71cd3a159060

SHA512
322da966217f98d33cd66b9a19547bff77914af8a932b68c362c72aa6c3b0ad961bd1d0681308f4a9813a7d625d328fb55731e31c1b22c5433041e09ef636f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cc4a1f5564d31285ab1d82a7756cf8ec

SHA1
5da415eb4570be3435eeb5e7c0e9f5e993054e30

SHA256
6ac14421a0b914720d840b0d003eafffff61b77614d81e527f7965f8acf13228

SHA512
1e748b5e72e012a8d3047bebaca0c6d4ea2a17ff6a2755014c54ad04d7eb3fb94f704d3431328cd14e6c3fe78e99b40d03201893f1be5aa21eef08fffac07c9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
00b3d8d5daa4970182919a3f7b463b5f

SHA1
a0d672fa27b9971a9e52ea10253489a0c1a262df

SHA256
f08a6fd19ecae77590c23c0e47c55575bfe3bfa00e5772d538a94547bb284a4c

SHA512
ef607ac97905c060518507f924f04603b04fca6f9b2d43006e8d08c3b7f0018f20fa9998f4a236acd92b21b4dd7a3816f99d0a0decdea1ce7742110c075265f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a7f8.TMP

Filesize
2KB

MD5
d979919219b193d38813ad0257206c1a

SHA1
3ce67fdb37ad34e8d59fcf5e38dfc3178eb3f413

SHA256
d6f3a63036fddb4caae5923d78483909581dd5e27148e35b1080a9dfdf5b2946

SHA512
1c90c0b3616b469b6778c53c85fc1452a9916cad51af22184f16a74dec85f589e24f99a11970e2b63802f0dd388891319be9a5c407048c2f8f8e04b7e39baf2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b38ec0626d396dadd334f96f1b47cd96

SHA1
13e682ad62975a4b03ebff75eaf2227e3e729872

SHA256
f5076db4a4f57a856ba6f359345ef668188b95c3a1b37105f2a8a39626c72aeb

SHA512
d9def69b68f31436483321db96e2ae87f6417fced8fa088d4d80329dbf2aa13e524c42c1398d180d099b07669816201e6ba4df0dac717791bb326f391e85b2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c1db65dd1c17f10e08c36b605c72478a

SHA1
2d6942a0968bc1b89b34ae3c8d69b11576d12e4b

SHA256
317ad29299ac57065f568dc6883e5fbe373ae3121999d01ecaed6f64b70ed125

SHA512
f74eacdda2890b3d9a6c4f89ec39eb330406527c9bde34c58e4f23a5927a4294c56e0e768542cd6646395599ae2941290197b4989aa6762b643f9b5d0923cbe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2d39d0f0762b4d5340cd39617e71a185

SHA1
2273f18fc7fb21e57b9d76ce818a2971adf6c29c

SHA256
531db77ffa478bd3868745b285ada347345df9728dfd10af9f40d4ed9313b13e

SHA512
49ad1bae426e520337c523787aa0a09c1b9b7e74862b8b3147961ebf53cb03a44a1d424da5391fabd9503db39cdfb2f46a557f8cb18c70de3ba2fdbdf31079ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a43a9af0148cf5737bda00d95bc39d0e

SHA1
a64543a8d899c368d74c18c1a2e4e42532c4ce02

SHA256
a82e103c792e753d5f39e0a9e106f9bf4f425270ade65723522d4ded566f305f

SHA512
6769e15c5f5e094748566c8812a7fe09049bbe57fbca06b0b988f1935b0d94533fd9ba38f59f46370b6b2c250d88b93f1d43e05a0129645d7e06f8f48b8a68d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
42b290e132155444ec890094fc84e9df

SHA1
e01401a668f6222b908659ec019ffbb944eb6d25

SHA256
442d17a377ec19484198f40a3f09dd3529c3c3949a7333ba48492a344c4f42b6

SHA512
ea2ae7789070b6134bc06a15d097227da5860e1e5c58ae32ff4417ca368963b9ad8de9c222e51ccab92a787ab939624054a74a0667e0a99f9ca89d81ef12fa66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0efa32e19e4fa7bad73064a088bf4370

SHA1
6e83db740e48d988f699942d4c7608e773f0d9b5

SHA256
703fd69ff9aacde6cca56128a588413787ab14632548f92dbdeb511dd8072a1b

SHA512
4ebee2051247d78780364b66a03cafa295ec19de43b3c137e100c1c7382fe52888763710abe67295f07fdc1d9cd1e41c00b0a21fe169e7d7b3e055f232c645ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\12yn975.exe

Filesize
315KB

MD5
6c48bad9513b4947a240db2a32d3063a

SHA1
a5b9b870ce2d3451572d88ff078f7527bd3a954a

SHA256
984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8

SHA512
7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\gz4Yd53.exe

Filesize
657KB

MD5
a888504bf62a175a0fbc88271cdce152

SHA1
72f08981eb7a2c3be19f31a419613f349d5d845e

SHA256
5d88d8310501851af171f608c9ae45aebbe80b4a42426cfe40526d7185021135

SHA512
ccd6f5ebcb2f72042e7f0c2929c8328bf1eee6033f10787ed5026fd515bb542f8a10aecd938a2f359e601dfeebb6d7cc5ac0034872ba42f9b2c1c7ad0a2e3386

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\10gS63DA.exe

Filesize
895KB

MD5
078fe3121971ac3ecf0930cad0a48294

SHA1
bf97b5c77087b961761d4483c75729b033d2e65b

SHA256
98302c968b5c3156bbab7274de3d4cc24b8e387ae7cf36221ad8fdea5b2c3bf8

SHA512
70acf4b2afd858e04901a24a698da9ca857430140d54b485bf232b3050568165c011f023b23d6367efcbbc65d41ad8a2bc36855db45b659a02945ec6cfc7f564

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\11Lb0025.exe

Filesize
276KB

MD5
1f4994346c66b9a9d983de6c779938c5

SHA1
00bb24c634a57af5b1b5982b3121112f938a7970

SHA256
5de7891fbd33c7d23b3c9e6afec94b301a95371bffab3240290fc8d61f3624fd

SHA512
3078c328af8a1c2095f0d147630e9b9ef468a9431bdabb9c1ef8e04d49d68c01a8119ad8470c3520b9c4a80e1a37a6bb8af51f8f7c3459782f4744edb3b89ab7

Download Submit
memory/6532-183-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6532-192-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6532-190-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6816-226-0x0000000008F50000-0x0000000009568000-memory.dmp

Filesize
6.1MB

Download
memory/6816-214-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6816-217-0x0000000008380000-0x0000000008924000-memory.dmp

Filesize
5.6MB

Download
memory/6816-218-0x0000000007DD0000-0x0000000007E62000-memory.dmp

Filesize
584KB

Download
memory/6816-219-0x0000000003210000-0x000000000321A000-memory.dmp

Filesize
40KB

Download
memory/6816-236-0x0000000008000000-0x000000000804C000-memory.dmp

Filesize
304KB

Download
memory/6816-227-0x0000000008070000-0x000000000817A000-memory.dmp

Filesize
1.0MB

Download
memory/6816-228-0x0000000007F60000-0x0000000007F72000-memory.dmp

Filesize
72KB

Download
memory/6816-233-0x0000000007FC0000-0x0000000007FFC000-memory.dmp

Filesize
240KB

Download