78044ff8f74edccd5579136ba1d670ce4f382444735c3885ab0542dd2b77ce63

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe
Size

634KB
MD5

5d66d2aba93fc12ea57807cdfde0f9bd
SHA1

b3a4709c059137a8f99cfdca6d379435d5e74f73
SHA256

46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6
SHA512

7eb64d383e338e028e7fc46b7705e02610fed7ae12d7a3b9a0eb63952a9ebc3aebed949b277bb10e1d94b5d3ffb482dbff16a926deb0a36defb012e3d7fbd4b9
SSDEEP

12288:hMrXy90BkujYvPGmnqc3JQSo61S9WeQy1INqfJ+PVIRCOQ:SyMkujY7nV3Gkc9n1EqwVIJQ

Score

7^/10

paypal persistence phishing

Malware Config

Signatures

.NET Reactor proctector 2 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral2/memory/6652-166-0x0000000002460000-0x000000000247C000-memory.dmp	net_reactor
behavioral2/memory/6652-172-0x00000000049B0000-0x00000000049CA000-memory.dmp	net_reactor

Executes dropped EXE 2 IoCs

pid	Process
532	1AN83PG7.exe
6652	2FB2882.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x000a00000002347e-5.dat	autoit_exe

Detected potential entity reuse from brand paypal.
phishing paypal
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2600	msedge.exe
2600	msedge.exe
2412	msedge.exe
2412	msedge.exe
776	msedge.exe
776	msedge.exe
2188	msedge.exe
2188	msedge.exe
5140	msedge.exe
5140	msedge.exe
6024	msedge.exe
6024	msedge.exe
6360	identity_helper.exe
6360	identity_helper.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe
2412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
532	1AN83PG7.exe
532	1AN83PG7.exe
532	1AN83PG7.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
532	1AN83PG7.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
532	1AN83PG7.exe
532	1AN83PG7.exe
532	1AN83PG7.exe

Suspicious use of SendNotifyMessage 31 IoCs

pid	Process
532	1AN83PG7.exe
532	1AN83PG7.exe
532	1AN83PG7.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
532	1AN83PG7.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
2188	msedge.exe
532	1AN83PG7.exe
532	1AN83PG7.exe
532	1AN83PG7.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 532	2468	46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe	83
PID 2468 wrote to memory of 532	2468	46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe	83
PID 2468 wrote to memory of 532	2468	46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe	83
PID 532 wrote to memory of 3084	532	1AN83PG7.exe	86
PID 532 wrote to memory of 3084	532	1AN83PG7.exe	86
PID 532 wrote to memory of 2188	532	1AN83PG7.exe	89
PID 532 wrote to memory of 2188	532	1AN83PG7.exe	89
PID 3084 wrote to memory of 700	3084	msedge.exe	90
PID 3084 wrote to memory of 700	3084	msedge.exe	90
PID 2188 wrote to memory of 2552	2188	msedge.exe	91
PID 2188 wrote to memory of 2552	2188	msedge.exe	91
PID 532 wrote to memory of 1956	532	1AN83PG7.exe	92
PID 532 wrote to memory of 1956	532	1AN83PG7.exe	92
PID 1956 wrote to memory of 5044	1956	msedge.exe	93
PID 1956 wrote to memory of 5044	1956	msedge.exe	93
PID 532 wrote to memory of 4012	532	1AN83PG7.exe	94
PID 532 wrote to memory of 4012	532	1AN83PG7.exe	94
PID 4012 wrote to memory of 1800	4012	msedge.exe	95
PID 4012 wrote to memory of 1800	4012	msedge.exe	95
PID 532 wrote to memory of 2856	532	1AN83PG7.exe	96
PID 532 wrote to memory of 2856	532	1AN83PG7.exe	96
PID 2856 wrote to memory of 1248	2856	msedge.exe	97
PID 2856 wrote to memory of 1248	2856	msedge.exe	97
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 3540	3084	msedge.exe	98
PID 3084 wrote to memory of 2412	3084	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe
"C:\Users\Admin\AppData\Local\Temp\46054179cb2d9b509f8a1029b4d1b357f32a91ab0af933d26deeaaae266db1c6.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1AN83PG7.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1AN83PG7.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,15527266698343373821,3158786123684609522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,15527266698343373821,3158786123684609522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:2552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
      4⤵
      PID:2656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:1900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
      4⤵
      PID:5000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
      4⤵
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
      4⤵
      PID:5744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
      4⤵
      PID:5976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
      4⤵
      PID:6052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
      4⤵
      PID:5724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
      4⤵
      PID:6260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
      4⤵
      PID:6360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
      4⤵
      PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
      4⤵
      PID:6748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
      4⤵
      PID:6816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
      4⤵
      PID:6576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
      4⤵
      PID:6720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
      4⤵
      PID:1528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
      4⤵
      PID:4064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
      4⤵
      PID:2228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
      4⤵
      PID:1996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
      4⤵
      PID:1924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
      4⤵
      PID:3972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
      4⤵
      PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
      4⤵
      PID:1308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
      4⤵
      PID:6164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
      4⤵
      PID:6240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 /prefetch:8
      4⤵
      PID:2288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
      4⤵
      PID:6744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12344741672907439653,11069173826944053881,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6004 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10549015179060947903,14317636117135146504,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      4⤵
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10549015179060947903,14317636117135146504,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:1800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1472,18124328119801377003,14734049030018184217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
      4⤵
      PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1472,18124328119801377003,14734049030018184217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:1248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12717760748615274062,3021172750040367079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
      4⤵
      PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12717760748615274062,3021172750040367079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
    3⤵
    PID:4804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
    3⤵
    PID:4388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
    3⤵
    PID:5760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:5784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
    3⤵
    PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    3⤵
    PID:6508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffab1b946f8,0x7ffab1b94708,0x7ffab1b94718
      4⤵
      PID:6536
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2FB2882.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2FB2882.exe
  2⤵
  - Executes dropped EXE
  PID:6652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
223KB

MD5
253130eaad29f6b3a8d8e7815c0bd494

SHA1
a4f9c43a0a8bfdea2abb714a89628d9ab53911f1

SHA256
100b51f83c1ebf8717d0b03fbf1752724877a6c3828b30d24dbd649e1d70de23

SHA512
aec0c1d01c6d5c934091913bac199ec1bcfb87297a02237ebb71659dda8040f64217fc21d535efff9ef994085d74c12a7ee6e8ebf711a83f5afa61d765b257d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
34KB

MD5
64af5e859cd411f58ba7ade44f5a8c26

SHA1
c1ccd85a8209e2bbb58c662f1b621d2cdf7d3565

SHA256
7d3be672a50529d4ed208efdb7a90fa467eea5adca9bf877e18b167a4511cc24

SHA512
61ec83ff7512bd438f0c7112111af73b1a6eedd1dbf515dfd19c41dc46e58ea4b998f0faee85e7fc75bbc2d142bbf6b337e52e76aec01f4c6725e9d733765240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f1842ddc0a70124efaff581931b5b7bf

SHA1
b19de81b52d65e786a3e3b3f022b86e8105adece

SHA256
0ead49e3a09a8aefe29f1e305ea4b0643111d5ae28cd1289bcf6b131df81efea

SHA512
81ed741e3caecaef0b2b075af2c45c221d928856e165955b487c3a579bb385569511ea459e8f012303d0cf3b142827fa06f0333dab43a1f90dec4d45510ee161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5df68626f7c12a64d0e5a1fa4ca4ef52

SHA1
1f5883a434dbe44ef576e062ac9157bf519d1d4e

SHA256
6653dec4f3051925122960bb91175b7a1514cb0e7421e71fc2d2d16f46bbca24

SHA512
e58ba113b649a1e99498bf827863ffff246b06bf1c439850d005ac8ef0c4a445f4b262d13569c41fddc664dd8dff4e14cb43f4013340665c183728b5d6f46c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
6acc85b7468efc3f811e853bfe283f9e

SHA1
52d4b834566e9936b36704f378dfa009d492a760

SHA256
617391749fdbc57d6293ed6d3bfa4d9e1826fdbdfb15ef8483129f1dda39ce50

SHA512
0e2b5a5c2f447566815d51ae4ee98d201018042cc20a14463e3d667b6e25ee4907ac914a32afb76ca5ac23296b4f8e973b726320c3c2ef264318c26fc260a5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7d60ac84e3c61540748d6db7569d7e83

SHA1
6720e7836e749c01bc88fa4ebeaeaf3e0fcd0201

SHA256
a6b2c539fe7afdf0ffe22522bab5100f0c9fdbdb2b1c2dca49798e4afb3a6f4a

SHA512
77b5b80e52dd97dc0ca59a25f90af0ae198652d2b53fd29e81e8c3c2b91772ced68443e2551c8ab40105ef4f1c7fb657fb0bbec574a3ce115da1408e4ead7dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ca0f692bbab9891d60561e5edf60998b

SHA1
8a5661665f4825a519970607cff0b082029848fc

SHA256
266329e46ccf2761d5488749e9896e36559bbb37ab77de2aa4baa674ca4f338a

SHA512
412eb6b7f5841a3683b572bc5e477dce2dd5f4aaaa2d0e9665e610027be49a8077c2dbf136c3f3bfd31a6182af41d8a96b3b1b5414bed28e8ab0d84cded028b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02f1193977d0bcb9ae0d38862b531339

SHA1
e19f6b9ef0a3e91c93c366500e68aab7f1b93427

SHA256
e8c9045658ca43f3b5d98085a97837350144cc833aff687e1e49d4e03beab711

SHA512
95915bc6aa2e3df5b3126a8b8a1d9955df05ff6e401acdc1e5051021562f363fd87926f65ac4b1077a84a031a9250e3713ab48d3f4921eb037077b121b507fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b5ed74eede9c9913225a4f9a3afa66b5

SHA1
48d57ae1ddee3dc1d239910f2ad81853c68825c8

SHA256
dd8f81af16ef3d8c27bc9276b793ab637b489f33a66780e9a459afb45b07e84a

SHA512
aaa2ede3c538a4df5e9532089e135ed7baaec9efb86ab2ec8b7e9e5b86aa187afb1e24836d8cc7cd95664a8bed07127a1730458a3a6de68e46faa198c5438ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9eb96207c033ae702a6341756850ce1f

SHA1
210b755fbbf97b05f878a15f280dff2788030b53

SHA256
41e6c291c931d067609fc24fd6cc115cd59baeec3f801f223a6ea5add4c8ba7a

SHA512
7b20f3a413b3b7b1f085503785d2de9d1440801bb4127a23310ade949f4f625e35cfe78cd274e44aa6470843c6b42fcd9d2df9a5db9996ae9bca980bcf86e0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
86083fe4997933bc27c029e04b438337

SHA1
f14aab5de4e8178d9d52f582ece09c19fcd251f0

SHA256
53555425339b2fd82385f63f5216359de2f92e825c48310aa1aee01a917ff411

SHA512
b8489ad9112d3a1a2faf5db5ab5666a60e3790e0221cfaf3971a6f7056fcca1cab450dd1b9ea40330253216b60cbbcd79f55bf79bb6d0ee8918f861cc5aa7e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
340156b8910b2c8939a9c4c0ec534ba9

SHA1
8981afbabde1947b851f94eb0b83c66087eb3e94

SHA256
7b5c35925474da21915771aaafea9c992df84e8ed634bce547f504ffb9320753

SHA512
d696817ab0b42541bd81cc334e10da84e830cf0ea0d3cb1c856a2f28464fa9c5493dd18d0557a460fc6a49c57dee5881cf04b9184e9dcfbead459c86d3c32ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
52283dc2028451f832a4b2c09c9fdde6

SHA1
f043f6c335d9a110b8c3603f459e2dc6a1d37c5e

SHA256
d0d4c82cff7e0b574bec8e5ccbe46d35eb88ec60fbb2c142bbbd7a5013138298

SHA512
516f2650a095aa16e36e8aa915ae6b9161de677ce35f94bc33ec6177511867c114a75e3dc2ce90e361977197071a59efd0a7e89de2674bdc34c77f90c46dbf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b82cf190d7f25b9834b290860ddad1ab

SHA1
8a1fe20f60b113ae70f231d9a5ccdbff9cba787c

SHA256
abfaa95a7171379a464a398a018eab2530ded34ab29712b36b0ff65d6766ed63

SHA512
82d339ddc082693b969b325da549d9ed750c1bf853bfe7e6cb82725d2ccada2e0bee2156725a0258cfaf842191535aa370f79fea29b374d3cfe09138ef06d06c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581383.TMP

Filesize
48B

MD5
577727ed2974fd2d0520d29afbf2e09d

SHA1
90e15a8774b9acc804b3b360a1f50fc995bcd06b

SHA256
fcd9765585a712a6fb94657c142ac5786247490164ffe960c8e682ddc76fb7b6

SHA512
b5d783558989748309b2bb27cdac43bf8f3abcea04e3354f95df57e02fabb275c6947b79c4e4e550b26f31cc3e4d9847245b38aa59a9dc070d7aeade68759887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a0c9a0f53d3845309818a0c3ff9fe199

SHA1
74b92bae841c12a30c101111af5343579d327c00

SHA256
25a72b54228f62542431213075237abf5643d9436737141785fc95d32399186f

SHA512
3b678169b042020c83023a52d89636984d8594e46b8a5d79276b70287fb3567434c2db837dc9f7c8b4129edd63371e91f988ecdf359099d7d0fc6843371c62c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
06d2e09a014ab4bf0f94b6250a935862

SHA1
584f59aeb678e1aa8fbf8c1e675a77fbf9535ac7

SHA256
bd0db8c638bb8a87cc08610a919a93af882a45be3a21d4913c50d7091e3085d2

SHA512
23b186bd4fd70dc0ff4bf7ce4ce19217cb9745f805ab0b3884e2f873777cd875ae4bd000a1ae7d6f115a3a87bfe74c64013597969212ab571fa87253c0c22e05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0bf70cf9498dfc586bc66be52f3e9121

SHA1
9a6bd87765830846ed339e5c8ca96022579cb9a2

SHA256
7b14cc034d3cd32f05f1cc3909e891442dc74b4595e7871ae287bfb0a030b217

SHA512
3779e0c1f74b22ff6a87f3ae78bf59879a6d9c30f917056f7a440a1bc3d51f32942485e730821bbb190718ea6c48a89e582ec4666879721380db762aa932b862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
452b68ab9e53540e1af7c3dc3f1788b0

SHA1
849cdf99209c2ebd9e9534130acd719da1e7cf19

SHA256
54736ace708b7cf22e0967028d81b656d1181f221d7d5f492dee7cc321f395ca

SHA512
7b5e8f3c62cf2e444961baa9ec59142dfec3759dfcc13eb2a43292737760697d34abc9cd1ecc4a16b44b0e1ca847ec6e2ff1be03d0d2d853a6ab1bb280859d72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8138341904ec9c7cd14b13ea2a7e2804

SHA1
7f8cb6e864849a306b999ad6a1757a1dd68a0f54

SHA256
f02de46cb617139369d1878d10aa0f4e03f7e4ce7d7ce6043103d3bfccc780ce

SHA512
a34f5ba5f868af3864a028d3c8b1711db31d668bb7615c8b8352591e7ccdc160ef3357402f0b085a89f24a8f80fe3b3743dc9403ee2aadd3c9dc5f31c9d794f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b9ea.TMP

Filesize
2KB

MD5
895615709d74af1d73a1176f780872de

SHA1
7728ca4fce350db539d1815ce62476f92bbf926a

SHA256
7bc4fe4f6c8ad7b8896bfcdc58281cc4e2166ba7d899c2809dc7cfb4da4afe89

SHA512
f403bc85d787e1a110d63bee3f693936c4e00ee5013b58909c9a09d3cfe9bbc02b8740b58bd0edd6fd5cb3894acdfa8357d88e35095065197053614c5003124b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b5b35748e8ef33f91ed2756bded8e7b2

SHA1
66be40e616a824b5ebcf275f1d7d1eef646e2b71

SHA256
db0450d86453cb6bb18dc1683adfbd6cf156280a352157c1a7adcff0e94685d4

SHA512
30c56d9a8a2e59cddadf77b5e6705142ed373e5deca85bc4cbabb3bdf8937cec0daa0daae168c09888d7953bee3fd53bdf802af52b977e37e5559a6506d3f227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
379a4c23abb5a74eca8105c900e09f87

SHA1
00e7d2778bf6c9b04cfbe5bbccd5478c43312ceb

SHA256
8ee1faeb9b5088eb015c0844423b0901c1eda6ecf64974cab18874a3c255c56b

SHA512
1dd2d7946a0cf003be9e43700510e8c3ccf2a36f3b5202126a26f3f4cac42ef480d27dce45be276c093024bbab5cb2c35962e08c389c1894564a13a282ac4f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
765d055a4955de972b28c17aadae743f

SHA1
cdaa6aeee4533559dd9c45c4d547ef7cb6e7ce83

SHA256
92f00dcbcfc8bf94a715752fdcb68e95a44a5e5d67b232efa5441a4bef9309c6

SHA512
bd23322fff1637a5e4400b2894e6dc3e34b41b0f4bbd8e9f5515e5628e553127279c5ebc6c259f83fbe9fc4d0c5164f156faaee9d5e40cdabef5d6384aeade3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
05ea0db99fa8bb64acd2941166b73bee

SHA1
bf109f0a244f0796436e0ef3cd6a1c244f018991

SHA256
2357e44ddf3d030702e611efb2e695b7dc9db2810d3c7b68737bfcde1492585c

SHA512
1f7702eb8a7af4abaee404e8e7221f9fb673dd5d86580c21537e2a20d79cd01067e6ccede8f572e650e82ca65c9cc04bb8a2255ce3e9063fcf09cee6f40649cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\de99de8a-8485-4be3-9229-1a1a1f76a5f0.tmp

Filesize
11KB

MD5
3fec3957a8879577324423d81986a180

SHA1
23ea0e8cf67ab65f43c9aaad4bf78e9c7ad7c6ec

SHA256
fc6504721f906a3bd223b708872c7f65b867469f5b72165acf8ff716ee28c51e

SHA512
4aee23f7dc1c56931b76740101486a40ef2e6afb99af685c631c5110be180b9d93f0ec349967532b60e677a37fb14108956528963162f7a6e9e8b18f9af4de61

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\1AN83PG7.exe

Filesize
898KB

MD5
124ec74e0538ff2e1554adeb3067adab

SHA1
43d5a3500b3da684767d3dd2b5e07be8cafd99d0

SHA256
9b857b4f8314a44f72ff6be61bbaf35a9d3a065365b788110c6b7655e2ab1841

SHA512
92bf6aa9cd3b88c15191fbaa0863a03ccb57880fabd5502d0480c27f7efb117ca590c4a3d5cc90dcfd5d184ddb5abcd901af66fb729977ca506381511889b52f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\2FB2882.exe

Filesize
182KB

MD5
a847e74636951c79a42395dc824cd8ef

SHA1
4c64887bd74c9bb0884b1b6d7bb2da4f230a4b9b

SHA256
6f01b2a805420e727ff9c35fa08285c0a50cbac9c6bdf0ddaa51011ff81ee354

SHA512
163a4f23e9be0aa214957be0e7f342cd0a4248ca350f44a2818789b63755c518489bc3ac9a5b5b4302f3f1aea14eadb0e32ca68ada7abd46fbc3191aec98bcd5

Download Submit
memory/6652-172-0x00000000049B0000-0x00000000049CA000-memory.dmp

Filesize
104KB

Download
memory/6652-166-0x0000000002460000-0x000000000247C000-memory.dmp

Filesize
112KB

Download
memory/6652-171-0x0000000004A40000-0x0000000004FE4000-memory.dmp

Filesize
5.6MB

Download
memory/6652-173-0x0000000004FF0000-0x0000000005082000-memory.dmp

Filesize
584KB

Download