mystic | 8f1630bc8eac64cd06bd503a82b737a5f82d3a748f9021ad1d4babb30749eb84

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe
Size

781KB
MD5

0c10c76a41a07f1fe704b9a7bc5e61aa
SHA1

ecf53f7d496d65ac8f5b111c6e225737ab923b9c
SHA256

823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e
SHA512

48efef7e7fa3d0962d440ab7b5e703dd95c8040d4f33c208d14b8562f9e7b5224888d105d09c0e8f7af488e172237d6bd0ed8dec57ed176dfe4c78c7156751bf
SSDEEP

12288:TMryy9050e3KMPyav6kJgaex4IC5KpCPHG9PPLvTMXiYQXDXYO9nt/QH5/3lTAMd:tyaiygaeuIsWC/GZLYDE9eRWg

Score

10^/10

mystic smokeloader backdoor paypal persistence phishing stealer trojan

Malware Config

Signatures

Detect Mystic stealer payload 3 IoCs

resource	yara_rule
behavioral12/memory/1576-170-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral12/memory/1576-173-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral12/memory/1576-171-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader

Executes dropped EXE 4 IoCs

pid	Process
3568	It7rq44.exe
1576	1Po48wh2.exe
6792	2so8469.exe
6836	7ac43pQ.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	It7rq44.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral12/files/0x0008000000023470-12.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 6792 set thread context of 1576	6792	2so8469.exe	138

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ac43pQ.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ac43pQ.exe
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	7ac43pQ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4644	msedge.exe
4644	msedge.exe
4284	msedge.exe
4284	msedge.exe
2576	msedge.exe
2576	msedge.exe
5396	msedge.exe
5396	msedge.exe
1128	msedge.exe
1128	msedge.exe
5632	msedge.exe
5632	msedge.exe
6316	msedge.exe
6316	msedge.exe
1508	identity_helper.exe
1508	identity_helper.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe
5616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

pid	Process
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1576	1Po48wh2.exe
1576	1Po48wh2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 3568	4380	823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe	84
PID 4380 wrote to memory of 3568	4380	823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe	84
PID 4380 wrote to memory of 3568	4380	823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe	84
PID 3568 wrote to memory of 1576	3568	It7rq44.exe	138
PID 3568 wrote to memory of 1576	3568	It7rq44.exe	138
PID 3568 wrote to memory of 1576	3568	It7rq44.exe	138
PID 1576 wrote to memory of 4908	1576	1Po48wh2.exe	88
PID 1576 wrote to memory of 4908	1576	1Po48wh2.exe	88
PID 1576 wrote to memory of 1128	1576	1Po48wh2.exe	90
PID 1576 wrote to memory of 1128	1576	1Po48wh2.exe	90
PID 1576 wrote to memory of 4900	1576	1Po48wh2.exe	91
PID 1576 wrote to memory of 4900	1576	1Po48wh2.exe	91
PID 1128 wrote to memory of 2308	1128	msedge.exe	92
PID 1128 wrote to memory of 2308	1128	msedge.exe	92
PID 4900 wrote to memory of 3948	4900	msedge.exe	95
PID 4900 wrote to memory of 3948	4900	msedge.exe	95
PID 1576 wrote to memory of 3908	1576	1Po48wh2.exe	94
PID 1576 wrote to memory of 3908	1576	1Po48wh2.exe	94
PID 4908 wrote to memory of 2256	4908	msedge.exe	93
PID 4908 wrote to memory of 2256	4908	msedge.exe	93
PID 3908 wrote to memory of 2312	3908	msedge.exe	96
PID 3908 wrote to memory of 2312	3908	msedge.exe	96
PID 1576 wrote to memory of 1540	1576	1Po48wh2.exe	97
PID 1576 wrote to memory of 1540	1576	1Po48wh2.exe	97
PID 1540 wrote to memory of 1912	1540	msedge.exe	98
PID 1540 wrote to memory of 1912	1540	msedge.exe	98
PID 1576 wrote to memory of 1120	1576	1Po48wh2.exe	100
PID 1576 wrote to memory of 1120	1576	1Po48wh2.exe	100
PID 1120 wrote to memory of 3272	1120	msedge.exe	101
PID 1120 wrote to memory of 3272	1120	msedge.exe	101
PID 1576 wrote to memory of 3944	1576	1Po48wh2.exe	102
PID 1576 wrote to memory of 3944	1576	1Po48wh2.exe	102
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104
PID 1128 wrote to memory of 2364	1128	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe
"C:\Users\Admin\AppData\Local\Temp\823d46bb2009cf2d0669fdc864873d4184fbb02cc2836de9d352750179eec13e.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\It7rq44.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\It7rq44.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3568
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Po48wh2.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Po48wh2.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:2256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,982684293198886814,7562308274812457553,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        5⤵
        
        PID:5492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,982684293198886814,7562308274812457553,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:1128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
        5⤵
        
        PID:2364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
        5⤵
        
        PID:3228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:5360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        
        PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
        5⤵
        
        PID:5296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
        5⤵
        
        PID:5988
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
        5⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
        5⤵
        
        PID:6296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
        5⤵
        
        PID:6548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
        5⤵
        
        PID:6720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
        5⤵
        
        PID:6800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
        5⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
        5⤵
        
        PID:7088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
        5⤵
        
        PID:6456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
        5⤵
        
        PID:6796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
        5⤵
        
        PID:6528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
        5⤵
        
        PID:5092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
        5⤵
        
        PID:2148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
        5⤵
        
        PID:5624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
        5⤵
        
        PID:2020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
        5⤵
        
        PID:5796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
        5⤵
        
        PID:6104
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
        5⤵
        
        PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
        5⤵
        
        PID:1612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
        5⤵
        
        PID:2684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=164 /prefetch:8
        5⤵
        
        PID:7116
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
        5⤵
        
        PID:2444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4826658830789251790,18397052214324744426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:3948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,4289498964981176061,2706658149611911318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1844 /prefetch:2
        5⤵
        
        PID:1372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,4289498964981176061,2706658149611911318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:2312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4828801023781865205,8159086281720028388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
        5⤵
        
        PID:2332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4828801023781865205,8159086281720028388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:1912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16191839908735147384,16451598571696111287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
        5⤵
        
        PID:5384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16191839908735147384,16451598571696111287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:3272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,2789314610101442037,6432966952278677246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      PID:3944
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x40,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:3628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:5900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      PID:6288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:6476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:6604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd6eab46f8,0x7ffd6eab4708,0x7ffd6eab4718
        5⤵
        
        PID:6652
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so8469.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so8469.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    PID:6792
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:1576
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ac43pQ.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ac43pQ.exe
  2⤵
  - Executes dropped EXE
  - Checks SCSI registry key(s)
  PID:6836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5517b4241f3e94bd76c986f8aad99f03

SHA1
92b5c573617b3c7d1cf4fedf0ff2a0f8b3746b56

SHA256
790e04210bc13d13310ce93621df09540f914287bfaa68eeb32032de83850a76

SHA512
3e37b9761e10ec30ba36107a1d018f860ccc3640dd53b854c3e0adb7c76756e215fc497291a70678fd1b631c2774e1a31131808fcb63517298749ea4626cb145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
44bd9ddef38092ac6b824ca4a2704e28

SHA1
1c173b496a7ea40cc9bec93f1f2aa269909a60e9

SHA256
40ac145b39d542aee8c05ae28c83f97285716a96e022987a89b63d87129e5d14

SHA512
afa669a3f950b95af403079399d574744b9360f27bea699d1b639d5968d4047344ec83a4c0ff54a3a2ea209e44cbfa0426701c6151e88eae9afe7dedb7e177ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
aa6506094fcbe51ce6ca14d6b94c22a3

SHA1
0077613dd606ddaa5b65a9b2c72a93b697372fc3

SHA256
0ab00e607dadcc754cdf13aa768ee2b7428215e11f1a940f9479eca6d1540238

SHA512
5a37026b7a6a2c1196187e2f2d81ebbfada93d0e6d07af53f062e2bed5ef52d28ee2ffd96f9922d93b303d7b6363cabb644ee646ef94bbf5774659110dfc3367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f45f923d7f6012f50512aacfea737a63

SHA1
13135207c065ca76dc5a58317b65fb1423b97548

SHA256
bd5878408a072d4d11983c65954fcbf00beadd9c84587ccbb29b989404930871

SHA512
3ab27eaba674ea9364693dbec120e8a328bb4734aa79f21f4d8e522ddc9ca80ad386ccce9b50b51c2dadb06d2bca5b02e928f74e25e9dee360924bce5ee5e9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
708880813576cd03248955bcc22b57e4

SHA1
bc15d577331e7d56371bdec22f21a7efa6125f2c

SHA256
3ea67a2dfb469dc9426f4f959c7c2bf40fe0c52bcf36d6c7df6cc28f28920695

SHA512
02657fee9a35bcdbf5d34a887823783f071948e614a6d5ac2f449da2fade4e81d0436927a9d6d02b4d9c52617d1de3278125bfb9c0d2ae070393104d83ccf448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed4467d693941d1f94ff30c738f470a6

SHA1
a32bff2201616f9154559ac3c955f2098e66552e

SHA256
878cee4a0b0806a9bb204fa96d9da9140155cd7567432338f94d8602fa9a7e0b

SHA512
b424030a9afb54833f4bfba8ab854f4e2565cf18545533013260748e6d139133dd2974a67e234e707d261fc0d73bb6a1a5aacc926a3d8dc6a0d006834abebcef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ad817ab970d8f1fc7080d743ef9aec9c

SHA1
012b28b7e8ea537abe5bcaaa406983227729afd3

SHA256
4743f6826489bdc16f59b99e34ca99ca6981a1e07656a641b6476e96cf738679

SHA512
7300c0cf68655bdd32b56a4c7361e238afed42609a06253f280e34dc81b45bdb30d887dd0db5b8a4c87dba134ee22a0646544b84322b1ad8852603b5e04114fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4e9be2a88be9d0e6491342bf91b462e0

SHA1
22b37c4c93cc092bf8ffee2e685f07a67ac55e67

SHA256
ade02ff7b0fe7b04e3d1217bd1a739511f1791215c8fcf064c835e954b5ab622

SHA512
fa4423bbe349f98d913e2a57de8f210764c4374791d153e414f3131c3657248626ee6b08064163dfe28153ff3721d366cdf26a24f47a9ebb9dc8e4a650d3206f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
21ec864e14d8d747b514c91e28d274a3

SHA1
11a7d87bcd4ecc4874865f9a249cec24d067eb6e

SHA256
b5bb79fccd5264177fa7acf117193c13fcf2d6b9ac088315d43d8a9930fed59f

SHA512
dc1bef8ff5e569d3cbf04c9c85e979fbc2397487d118cbe35611edc64d171f2e626dffa3b403a52695717ad7cb7202b5e0cbdaaedb91b970353187857d6b80f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
c5be60d87c2aef1b93c0924ce4289a6c

SHA1
9b5152466febde741951454389840fd136449623

SHA256
9be8b24238273f177f516deadece363483f0710c51d68bd19688597b2e5b851a

SHA512
6e84c54eacd09d8e130fc04b6f1984aa22d6b738f958500caf8088dfbff4abd29030e76dc511eca18528bef1c15cf627b386819b3fad618c5bebde7d769e8ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
67ca6e98243512589301fccc3fb816cc

SHA1
0287bea909a90a036d299397967d7f6629c37b48

SHA256
ac64e3b6cf3f7dfa9fb8a19c06f2b0a984ca8c69d18d21b2e03ab789c47e343f

SHA512
ac6cb702feafd51cc31c8514b7bab9324607f013b6fcd0981cce946bf4ee50dbb6851f01dcc265f09b79ce323e3b48deb00d88a5af27beb80c48153cfac7f494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57eb0c.TMP

Filesize
48B

MD5
0768047d3c5854c934dd5e595cf6d045

SHA1
998ee46f4c9bba006456a6d6005053e3be984d42

SHA256
3219784ae621c2316be7c37e54f94a3b129b5e90497fb968a9c1bdfac8d359a8

SHA512
d9bf1cd7651175ce9d4b1e347d5d21d5a54191d2b3cf754dbe9e384a205df30ac736e0104602ec4201f18f412fa8fe229ad200a40bbcbecb86303ed4d2a024c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8881f9693a04def77769f27cbeeb93b9

SHA1
8fb93fa3f08b638b595c0715b9c81061b25e23e0

SHA256
7f32f2c0931ffaec9e7f04c70d4c5c286f306a2b4944902741f52e83fa1adaac

SHA512
36b48d58059679a0674cde37ff57d2032ed387cc9e3000dd12f9d19ee0edb3baf6691359f59a5a0abc8db0cc92201a32074c4979ae281b7b39a63173c70f301c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
4ed61eb53ff1a6f18588523441690e92

SHA1
be1a5e26ce0c1dbe4069f5baf990fae23bdc904d

SHA256
efa017aa3a059fc6198d3451232d38309cbe309cc839ed8cac42ef14b7b96ebd

SHA512
70c4877888a392169a18abab4f3e815002332c4f3cd20039a53b68e92f747363f25a4ff71c81e198b95a72d4543291e1ca200dc777d414a29f69572a99de4f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f71db60c86c6b3fed34f569e52c217d3

SHA1
51b6d1c216a78264272a2d43f1fdee51f060ab49

SHA256
cbccd8e55be7978ffc99aecd6255ffb567301c04f4f29790b9c317bde88f60fc

SHA512
f1910d1c7551fe7dece20175898a5296d32787681d09b5420c73f53aab6518b8406f5a1ca541343d1ac93c77512ef7604650f5c4aff381393d33804ad7b17d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ab63.TMP

Filesize
2KB

MD5
e51cbeee463a36fcab563773bd2419b0

SHA1
65be03c74848849743c9035572731b08c99221e3

SHA256
3d2b896dd01287732f331a2dc4655e00a6e9d7d60ec35da4677ef5a50521aa55

SHA512
e103273e0f45be9829314e56095352a720f2845fdba8329f33825e49b42eddb2c370433f664d44275fdc8fd5c321da605118d8e0f5643d192fd91d891c31c6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fa66c6fd98303a96c776ce560eb76c83

SHA1
ce8e7d70aaa38b91867010582fe37b4b0b557d04

SHA256
2dac716ecc1dd25bcf316eb9ffda72883b2da62198e8a3842e011e0eedaa1066

SHA512
3fa3a6eda627318e7c6573250a5ab8a91c9fd2437bc7e6fd0ce1e2b9e15c403ff053ad468e164de439d999af509eda110664aee1579c4a21910d4d4e7e1fbacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
15c4d88b2891354f15dc1479e28a450b

SHA1
07ed99908af6b133296dddf8fb4a5957da9b1773

SHA256
dcb505f23b4f0b1bf692f92ad01b3c89afa8ecab3854df51cfcac2a455ce64f3

SHA512
d59c5c40b79a00b68e07d3e346cb6ccb483af7d7e5e635d1d2252f582062199b916dd99d43ffb1a75298d9146ecb0cde4ac3753c28bfb5fde58565c387985b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
85066cbee611105807bdf0a37b015668

SHA1
21efdf83550d5b2c8f2518960b9d57d84c8b17d4

SHA256
78d596fa27d42641d7858aa4be7c6fe98eadda47ced43c9671ecb548a95ad7cc

SHA512
16df2fbf07fa8633cfe1bc32cbcfa249336a0af5a95337def7760bd29145b86712ce35aa4518cff0e4e85d0a10b83a81d6ed37064611a1c48654961ced47dc89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7eb84a55c831941748b32abf9e8b77f3

SHA1
4f8e5f767a93efb7365cc47921f82a84d5381dfc

SHA256
033fdad6858809de416c5c4a6e963bbb62f3a0fa27725fe5786d72ed0a4cbfb8

SHA512
d7da1cf1e76e057f6db6c9015518d08dacf71733d2469e0b4cb316aa8bb2d4ef04396302f3324200e047d1202cf55cd81825a686eecd019f7e194a789bb4f242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2a72b53c7ff191795f6dd369ba846ec

SHA1
263c5c7ab527ae505942bd9327aa8d52ce520289

SHA256
3fd65d8479782646ee983933044cc9ebadae77409f61a9bb391857154054d452

SHA512
44dd6630eefad49b184cdbdc20ffeea0637e5fadad149f2182625ebfbbf9ca2198605f269c9631b12ecc4d8bb53b572168254dcada60aa07d04165f551ba2be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0530be34e343367635d3622fbeac24a1

SHA1
962a2282f0f7ee84e2c13ba5cdb753395c307277

SHA256
4a88e9f9f637cd549de214dd335ce05995c9a465201346a64609c11a129a3783

SHA512
c65296bb82079e36471eb4ff652d0452b4f5607fdc2fe8479f7afc1d9cbde34ff3d54f91010004d3fa031647fc5adc36c91e43da2c4b2feae2589152fb3073ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ac43pQ.exe

Filesize
37KB

MD5
b938034561ab089d7047093d46deea8f

SHA1
d778c32cc46be09b107fa47cf3505ba5b748853d

SHA256
260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161

SHA512
4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\It7rq44.exe

Filesize
656KB

MD5
6d5a0a92fb2e25d38b196c259f27120f

SHA1
3f590207bfe10ede2ad4707e3c076f9346004fb7

SHA256
9f0fbb1894cad22bfc754ea7b4a93fa8e5427baba7d10d8b4b63741540ef999b

SHA512
ef95f666b558ef434fd0cb4589e2e4ecae89aa7a0d9f4b2126cb743276b376a6bd5cfe309b9a97dbb16eab22a58479f33508a3afc420c3380e45c777ca0ba879

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Po48wh2.exe

Filesize
895KB

MD5
76a67a97499b6efeb8a3be8d4ab7db61

SHA1
beef4202d33d7e1f59d0e2ea43ca01e57db769fe

SHA256
81c454dbc7ec4fcead4488da6b57d4f1eb90f31d9762abb69c0a228d0cecc843

SHA512
757822aa13f725a116fb11ab2b2f27777b090412c7efaef0830caf4d815c89fab490860755531432957b663876a90a06e6775588ec50af42af128c05957a9607

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2so8469.exe

Filesize
276KB

MD5
c7685ab467a9a707b36bfc6926e113e2

SHA1
03351ce28f4e38d162ca8c9a969a600020494586

SHA256
0a524e8e36e7e1ffb2439bff2b3c79c91f4cfdf4aadf89d39c9dedccad7bb746

SHA512
edb2fdc6a8b25ab5299d0e92d260ec685dfd0ba3275f428dcad9a7a9b5957de0fe32341a1a145a693dd4539d650b9bcd4452860e8fae9e32897b2fa25d9b4ef9

Download Submit
memory/1576-173-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1576-170-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1576-171-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6836-178-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/6836-177-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download