mystic | 78044ff8f74edccd5579136ba1d670ce4f382444735c3885ab0542dd2b77ce63

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe
Size

877KB
MD5

cdffd489744085d274dadb4d6b409596
SHA1

e0fdec58945fe1e8f058541a8b5d9e38a5da42c4
SHA256

9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056
SHA512

61e648ec1e8efe66ca7abc10ee9f599a10a0bb83a34f9365040ce0b573418c76ae598043a818fe771b837d308659fdf2a15093a59db7e386f33fa4cad2d63f54
SSDEEP

12288:PMray90PmjjOxp0NldHCDaex4IC5ipCPHGkiPLvTMXiYQ5DJQqYQF0lZ6VEvFOi8:Zy9+I5caeuIseC/GRLYDDomZ6Yjw

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 3 IoCs

Processes:

resource	yara_rule
behavioral11/memory/6808-177-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral11/memory/6808-181-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral11/memory/6808-179-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral11/memory/7132-198-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline

Executes dropped EXE 4 IoCs

Processes:

jh3wX50.exe3Xu909VH.exe4Td1EW6.exe5MW64vc.exe

pid process

4668 jh3wX50.exe
3932 3Xu909VH.exe
6508 4Td1EW6.exe
6944 5MW64vc.exe

pid	process
4668	jh3wX50.exe
3932	3Xu909VH.exe
6508	4Td1EW6.exe
6944	5MW64vc.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exejh3wX50.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	jh3wX50.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Xu909VH.exe	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal

Suspicious use of SetThreadContext 2 IoCs

Processes:

4Td1EW6.exe5MW64vc.exe

description	pid	process	target process
PID 6508 set thread context of 6808	6508	4Td1EW6.exe	AppLaunch.exe
PID 6944 set thread context of 7132	6944	5MW64vc.exe	AppLaunch.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3880	msedge.exe
3880	msedge.exe
1148	msedge.exe
1148	msedge.exe
1784	msedge.exe
1784	msedge.exe
5384	msedge.exe
5384	msedge.exe
5752	msedge.exe
5752	msedge.exe
6076	msedge.exe
6076	msedge.exe
6916	identity_helper.exe
6916	identity_helper.exe
6640	msedge.exe
6640	msedge.exe
6640	msedge.exe
6640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

msedge.exe

pid	process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

3Xu909VH.exemsedge.exe

pid	process
3932	3Xu909VH.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe

Suspicious use of SendNotifyMessage 30 IoCs

Processes:

3Xu909VH.exemsedge.exe

pid	process
3932	3Xu909VH.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe
3932	3Xu909VH.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exejh3wX50.exe3Xu909VH.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	pid	process	target process
PID 3748 wrote to memory of 4668	3748	9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe	jh3wX50.exe
PID 3748 wrote to memory of 4668	3748	9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe	jh3wX50.exe
PID 3748 wrote to memory of 4668	3748	9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe	jh3wX50.exe
PID 4668 wrote to memory of 3932	4668	jh3wX50.exe	3Xu909VH.exe
PID 4668 wrote to memory of 3932	4668	jh3wX50.exe	3Xu909VH.exe
PID 4668 wrote to memory of 3932	4668	jh3wX50.exe	3Xu909VH.exe
PID 3932 wrote to memory of 3016	3932	3Xu909VH.exe	msedge.exe
PID 3932 wrote to memory of 3016	3932	3Xu909VH.exe	msedge.exe
PID 3016 wrote to memory of 4324	3016	msedge.exe	msedge.exe
PID 3016 wrote to memory of 4324	3016	msedge.exe	msedge.exe
PID 3932 wrote to memory of 1148	3932	3Xu909VH.exe	msedge.exe
PID 3932 wrote to memory of 1148	3932	3Xu909VH.exe	msedge.exe
PID 1148 wrote to memory of 2120	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2120	1148	msedge.exe	msedge.exe
PID 3932 wrote to memory of 1040	3932	3Xu909VH.exe	msedge.exe
PID 3932 wrote to memory of 1040	3932	3Xu909VH.exe	msedge.exe
PID 1040 wrote to memory of 4800	1040	msedge.exe	msedge.exe
PID 1040 wrote to memory of 4800	1040	msedge.exe	msedge.exe
PID 3932 wrote to memory of 2320	3932	3Xu909VH.exe	msedge.exe
PID 3932 wrote to memory of 2320	3932	3Xu909VH.exe	msedge.exe
PID 2320 wrote to memory of 5020	2320	msedge.exe	msedge.exe
PID 2320 wrote to memory of 5020	2320	msedge.exe	msedge.exe
PID 3932 wrote to memory of 1436	3932	3Xu909VH.exe	msedge.exe
PID 3932 wrote to memory of 1436	3932	3Xu909VH.exe	msedge.exe
PID 1436 wrote to memory of 2272	1436	msedge.exe	msedge.exe
PID 1436 wrote to memory of 2272	1436	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe
PID 1148 wrote to memory of 2664	1148	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe
"C:\Users\Admin\AppData\Local\Temp\9e4d940a325e9b72d46353fc864673d69a691a5708c222a2124623dbb1d29056.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3748

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\jh3wX50.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\jh3wX50.exe
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4668

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Xu909VH.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Xu909VH.exe
3⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
4⤵
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16403995945187582869,13449439933346528788,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
5⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16403995945187582869,13449439933346528788,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:1784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
4⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
5⤵
PID:2664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
5⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:3084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
5⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
5⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
5⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
5⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
5⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
5⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
5⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
5⤵
PID:6088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
5⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
5⤵
PID:6208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
5⤵
PID:6464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
5⤵
PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
5⤵
PID:6992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
5⤵
PID:7116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
5⤵
PID:6484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
5⤵
PID:7104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
5⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
5⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
5⤵
PID:6932

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8
5⤵
PID:6536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
5⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
5⤵
PID:5300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
5⤵
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8048 /prefetch:8
5⤵
PID:812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
5⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
5⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
5⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9087465321140668936,18361348524758987742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8792 /prefetch:2
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:6640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
4⤵
- Suspicious use of WriteProcessMemory
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9673261623660145514,17600944509295311596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
4⤵
- Suspicious use of WriteProcessMemory
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,9675478787422899325,14072367586101298747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
4⤵
- Suspicious use of WriteProcessMemory
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x70,0x16c,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,3216593443503845655,4504847938063008814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
5⤵
- Suspicious behavior: EnumeratesProcesses
PID:6076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
4⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
4⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
4⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
4⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
4⤵
PID:6328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaeedf46f8,0x7ffaeedf4708,0x7ffaeedf4718
5⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Td1EW6.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Td1EW6.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6508

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
4⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5MW64vc.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5MW64vc.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6944

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
3⤵
PID:7132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d0bebf7-a989-4785-9455-c49e39012cf8.tmp

Filesize
4KB

MD5
c2657d9380b0f97322eb2ac1cc15bc70

SHA1
67928f3e4f83e237e1cca44645a67984dea165a6

SHA256
ba79387e3fac2ca45014697cd7fe2c5542ed648c3af9ecb08b674c070b2b3dad

SHA512
4fb8f7699ca2cd9b7478702b03d9d2d49bcc1b9108726da73abe2ef60c9ac42a6447ee0c6f95a20a5b373a4db0470b1eb698d1ce2d3572e6a35460588e74409d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c74250c-4514-4e99-a949-73f7b88d59fd.tmp

Filesize
6KB

MD5
4816b0bcd38e9efbcb142f51f8f0686e

SHA1
aa19c1ac14994dcd4391b5cfe3cd522f9cd0e967

SHA256
f894b59d27d7070998919cdc1798ec3f2b3812076cfd44b709d2b9c54b773be8

SHA512
7171aa24b79b30f9ebad013f2293cc99c77c8bf131e7620f7a6de22d1d39d0c120db1594cc01a46ce7512bf40906407a3d1fa0755ccd36b447ed3af113053676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
34KB

MD5
64af5e859cd411f58ba7ade44f5a8c26

SHA1
c1ccd85a8209e2bbb58c662f1b621d2cdf7d3565

SHA256
7d3be672a50529d4ed208efdb7a90fa467eea5adca9bf877e18b167a4511cc24

SHA512
61ec83ff7512bd438f0c7112111af73b1a6eedd1dbf515dfd19c41dc46e58ea4b998f0faee85e7fc75bbc2d142bbf6b337e52e76aec01f4c6725e9d733765240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
223KB

MD5
253130eaad29f6b3a8d8e7815c0bd494

SHA1
a4f9c43a0a8bfdea2abb714a89628d9ab53911f1

SHA256
100b51f83c1ebf8717d0b03fbf1752724877a6c3828b30d24dbd649e1d70de23

SHA512
aec0c1d01c6d5c934091913bac199ec1bcfb87297a02237ebb71659dda8040f64217fc21d535efff9ef994085d74c12a7ee6e8ebf711a83f5afa61d765b257d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
b10bc77d471cebbb9e0e447c9fe4bb98

SHA1
a8e9c52426e2c8f0b17873410db50ad74386ff72

SHA256
b6ffa04d538610efab4950a1862b1390955fdf4b58106ca3ebbcdbe3cb63fafe

SHA512
c0b018e8f2e9a324342768c88db79ca0dd14f1a7cd756589943c494ba06b40685f82199aad1f5f7f6d51a3ebffe0f173dda70d10e7ff967479a9479327af8d03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
ec8f0e78b1cac798f78837e7da91aa2e

SHA1
22a2dff81ea31a8f6efe78f6bd443c0273013edf

SHA256
7e0c2cd65f31ab787e20d71f4c649257d82b0a07fac1ed32cf41bd496173ebfa

SHA512
28c7394254a993cf6d9bc18b6551901250a8e1a667fa406ed9225a846f896410e2da6700c5ab8982c349b8755fe51a76b66e86c992346f5c09d2ad44f8491f11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
32daa79560218a108812d1eb6fe03105

SHA1
6e53532d056ccdf266f1f1370e28b419e3b1d886

SHA256
c84c36edb6e6727ae2c95b950b4854a14737114dd7a59b8ab1f1a3e1854851c7

SHA512
b0112b3ce2d32ce16f96ef00787251522acf875915ca77a2c4eeb2131dc82811df69b249dcddbcbc66d3a77c65a4649ecf138d5612d35f8e07f4b34542f4b837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ac23e058b534896eb9b906907e8f2cfa

SHA1
67f92f7e3dbcc09f4a466b9ff96fa2d0696fa9a8

SHA256
c6bd0044e533b572f3ca2a49cf96d7ab42a1b38da71d7107fff61e3d53c81c9b

SHA512
61286d0a2ba3b4fa7487f22b0cdc10d72a4510956daf5b82b2160293b8193e656781459d46c76d4af55ecca774d67a969f78e0654cbb7b1b2297ad55933afe78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3be8d6cff57cc27fcf14e0bb97cb22d0

SHA1
0f9f3a2993cd05cfe4bcbc5cf6918824f8ddcc33

SHA256
52db887085d581bc38255e9e7ff4c8143f9fdaa76064374380b1720a7053d675

SHA512
e085b0f6f689c89c0578daf5538a4715d9df9dd813dcfbaf2da65badef041241f89a38f00909b0c107b33093c467e1df23cdb881d243eaeb80a18260276dc3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e73e2762b6063a98ed8d4ec176a22e84

SHA1
70a90a0d3dd850974e9f3aa5e5a822176fa41c19

SHA256
d898f5dc3f16b1fb9e54fed8e23e03681132f232748b20882595b00c57254c86

SHA512
f4fe4eeb3d557b20cd1609e8295354ec9c2a868154e624777ff494e117ce486a052cfd5a8bd4ea0b7b0617cb8600e572a7fbe3f3d69c62971a11ac64bfeeeccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
ce21e0565a4a7ea82221c7dc71ff6eb2

SHA1
d662f168668bc540b69b2909a3f577b663a352bf

SHA256
953e4353d11c68944ae824248bce0f60774e5edc49a2dbf6d1696ea60f51fe1a

SHA512
baa981e4703ecb29bada6af4f8ec0ab45703410daa0ff9efed6b013eb0c5952215f3b304d076f02aa1d09ef64a8f200ef29d70cad3df583e04df00e51fb4cdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
670900306650e62118c3a0baca049505

SHA1
d38baeece03f0184db8fccc9759339843c42d968

SHA256
aa5c7e55f0ef25abd19fa53323f4d45768134d39b4769ac17aec4bf715947ee4

SHA512
c9e9390af794b75c287bc79fa7eddfb1a8f0f0b3658b9ee9b327d9c7940a73e63cc15eec8cfeb1e1b543b8e06d6fdc266682c2770c54a0536b4f06d51b5c3bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6eddf6f14afae67414e00c86e4da92e6

SHA1
6d144dc1860bd7c50d8b86898e8d7645955097a9

SHA256
3b805645ddb52876a10650ca3b556f5ccb5d394cbc57417581f0330d58abec82

SHA512
87f9662942c0368de26c1287b79098711f5dc5096fdbfa220ca26dc2d07df58dd6460d9c292a31e563b7bdb068bf7d0d49c267638242a92ade4ea911bf07ada9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe588c4d.TMP

Filesize
48B

MD5
2491bebd710ec42af593cab1ad855fc8

SHA1
5c195a545076cb2ff759d0968dbf405aa7f5a6fe

SHA256
cf13c77aabc92c696f3686448f85a7324bc6b0266e3d968dfcf3e70654cf1940

SHA512
735d3ff7a31fc86c04840f9e0605dfa2cb800277ae414a51ba0ca9297d24b4eff16304099626761865d53c667b9fbca44a7fe83d107621f7cfe1cf67b5dd5339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1997a513e0cf99ca1dd2bb73dfa48504

SHA1
724260a4f20fefc709183df99ea95d64353abb8c

SHA256
07f24841db86895d9db10dff80cebeb70a16ade2507e0c84f168cb48aa39231e

SHA512
15e8bc9bf7f2a29da84463a5fd9afef8120f76bb255a4320a3a06cf4ae93c97c48cc0934c738e264eac11ddbdfdd01f56673d34f39902fec79626bd075626e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6c9ed6d13528eeacaf2e59383f879aa8

SHA1
5ceec8d44a49c0ee8bce883cbd5d03085e7f3fa5

SHA256
586cb63374735aa7bc773a18b8cd041ec816093d328f0d1e1868b758c10701aa

SHA512
554f8b9defe4d615023850dfc587cad9035ab5efa9f7e6d4a72f4f23ee2556a4c4bdf7a8157cf11d6f925b891c20e58e00c917976b574af209a347b8b71c0073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b881f68553bd9a0500b8729dea7d7f7b

SHA1
03b862ebc9b55ba1a8c7ba7408093519e131b0a9

SHA256
313e25e54c7b073e40bda4ec2d7e7ba38024f9355347dcd5bc10e80209a2dacb

SHA512
e3069edcf0d53bbfd21f3cc42131f305c745198821628cd3c9fc9d15538b6e8cc09c8625de215e9d77df69bdafb3b5b71dabe530d093acb1ecd9e39725602e58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d2d1.TMP

Filesize
2KB

MD5
d3a1d64de7b606a3e93bf3ff53f378cf

SHA1
4d60bb8bea7ea9c7e3de4f823e1a7709417443d4

SHA256
ec619124326c3ef20a45651332c89fd0790298f1108f0869da225c85f4071643

SHA512
43cf0b5edfcd4418ba1372ecb49707c55622a2d991ec5d06dc58f74d61cd2870e9e8013a06cf466e0d7350e331ec7ddbf017e821d287bda3d13815e5588f1a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b769b08a-fb77-46be-8c6e-64b709e2503d.tmp

Filesize
10KB

MD5
a5e5619f4d6d41f62c46b0d5df03cb68

SHA1
80f6ddc2ddf500cdfd1f6baa7bbb1073f9380172

SHA256
2bfc39b017726629090c12db947b6acd8cbcf6cc330bdceb76e6c2c17442890b

SHA512
8d938dfdccf174e9e3aba32355087a36713467d2ac0697e3603e30248b6d6033b2e6e0b1742ec4fd44b8a0399bd69103331b2329eca8946a835614e7490ca398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7c86eb02efe9b110855ca45252418527

SHA1
9c5d7808b1ea8b9e660a54bdfecd298234800d0f

SHA256
881aa2a8cb6abd805e55706fc40b9833ee24f0c90a20873feb352891fa0398b1

SHA512
d5ac21b194a0f5bef302c517a3c9a53ff2a4e4290c8c1c326b94807451fa3f1523e466f08675af4a43330ad94dd95a245f429490a3ccc908a58c824701d05fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f735a65f9681c5dd325e6bdae6605ac0

SHA1
5f58183ddd92a1d4b31866149305207d919c2a7d

SHA256
51f6cdd18d9ff501bb9c3d480e796c8fdba33c97eed46e4fa38ed7aef8a46f4a

SHA512
13b789ac797f7057e476ae2fb8fcad2b563853b9d5b43a611b9049bd9da8fe45e187ba792161ffba548f9017869d85272d9a2d2e867881217206512e5a249bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aa8b9f36f877bdefb9ad7f70ee0a6cc7

SHA1
320e644486f4ea95301543e1a061b630736ee036

SHA256
c00adc8ccea77901e8119708be9e3b953df9eda838fba1a2d29da59805e7191a

SHA512
244e4d08ec5469f23a3ec87e6382368a5898613cdaa409e8a34e255bf415535b300d725361ef5651c7bd22b714aec8aaa03a9b54abeb56a31283302f1b72fd5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2c09238c40fb198e8de3c749c134a06a

SHA1
af1eaac31bc6de67b7f1a829668aa0e3ad927853

SHA256
cca822226aef08c020a4b95c3f46bea116089bec55b973326aca525b35668e50

SHA512
d35018657094e5f8ad383184c267b94ade2cce2c42057a65b68150b46626767321b7bd7ad41941331f1146c13945f6c3246fe5bcf473d962cdd6ba594466b9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
0a504118ad998e17c351393222f5b3d2

SHA1
3efc5f5410a08f53aab3582a9698f7fcb234f9db

SHA256
0da12d33fc07a57ecb318125375347b85031da85ce2b50ca702636460d4863f7

SHA512
0befb885cbcac677393280303933b59a7b59604a7dc47efb8debbece19017d68c52309bca617dbcf2e6efb7a21c7abcb55350eaaf9e669fc6e591dfc0b5b2b4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\5MW64vc.exe

Filesize
315KB

MD5
6c48bad9513b4947a240db2a32d3063a

SHA1
a5b9b870ce2d3451572d88ff078f7527bd3a954a

SHA256
984ae46ad062442c543fcdb20b1a763001e7df08eb0ab24fc490cbf1ab4e54c8

SHA512
7ae5c7bce222cfeb9e0fae2524fd634fa323282811e97a61c6d1e9680d025e49b968e72ca8ce2a2ceca650fa73bc05b7cf578277944305ed5fae2322ef7d496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\jh3wX50.exe

Filesize
656KB

MD5
e6678ffb5e2576ffbb5adb2b0a615715

SHA1
09a9ea7fe7172efc9965dd9f1baa1c8d5965d390

SHA256
f743d4a02501efbe81a994f9a0e33ce3fa1d7ceffa8f440fe908e6423b1373d8

SHA512
cf2718fba41b7d33cf73c7be2181e7e770a5f0d4cbe020a36e3b20eba9cc014cb872e9664559847e45d76a9e813eca911fc08037fa239e2c627f3d8e2145c369

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Xu909VH.exe

Filesize
895KB

MD5
c5b37fb1f475734224f7e7163939165a

SHA1
4a3adc3df899fa38a9711d7b62207a458239caac

SHA256
75c06a328709225ea8edf951040e92c41da51d92d16a67eeb11edab3b6ca8b64

SHA512
6f6345b0b94cf4b8f4a1a92c3bd83a3f97acfdadb7c0307d3d7759cb52ac250e50b9f65eb904e82c041abf6e1c9ff090b3a54b1240960c053ed8d5f05c1bd088

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Td1EW6.exe

Filesize
276KB

MD5
6faec323ec516bea59330a5d4b237804

SHA1
aa3768d8b8d9a339f178f3d7e43e614c15489a55

SHA256
7c414a250dd6392aeea893accf314d76ca92df3d1e26e718e48fecff802a9f69

SHA512
b4aff52ff9948d14b1aa6c372818af76e272f6d7797fc8081b3f5d081f614d8bdca1c3a3e190bf34bf3bd7544e11c51e8e6ce41c6610fc1fed8f9433a6593e4b

Download Submit
\??\pipe\LOCAL\crashpad_1148_SSQKPHHZKEAUVMVT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6808-177-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6808-179-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6808-181-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/7132-226-0x00000000079E0000-0x0000000007A2C000-memory.dmp

Filesize
304KB

Download
memory/7132-223-0x0000000007870000-0x00000000078AC000-memory.dmp

Filesize
240KB

Download
memory/7132-222-0x0000000007800000-0x0000000007812000-memory.dmp

Filesize
72KB

Download
memory/7132-216-0x0000000008160000-0x000000000826A000-memory.dmp

Filesize
1.0MB

Download
memory/7132-213-0x0000000008780000-0x0000000008D98000-memory.dmp

Filesize
6.1MB

Download
memory/7132-207-0x0000000002C90000-0x0000000002C9A000-memory.dmp

Filesize
40KB

Download
memory/7132-202-0x00000000076E0000-0x0000000007772000-memory.dmp

Filesize
584KB

Download
memory/7132-201-0x0000000007BB0000-0x0000000008154000-memory.dmp

Filesize
5.6MB

Download
memory/7132-198-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download