hxxps://cdn[.]discordapp[.]com/attachments/1261405626748371025/1287153282405367818/botnet2[.]0[.]exe?ex=66f51fa8&is=66f3ce28&hm=a6a2228d7d54be2495f4109d4fd17e2d4f5b70fbecc8964ee9e9298b5ec9fb92&

Analysis

max time kernel
305s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25-09-2024 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1261405626748371025/1287153282405367818/botnet2.0.exe?ex=66f51fa8&is=66f3ce28&hm=a6a2228d7d54be2495f4109d4fd17e2d4f5b70fbecc8964ee9e9298b5ec9fb92&

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
1428	botnet2.0.exe
2648	botnet2.0.exe
2300	botnet2.0.exe
4080	botnet2.0.exe
3932	botnet2.0.exe
2512	botnet2.0.exe
5032	botnet2.0.exe
3432	botnet2.0.exe

Loads dropped DLL 64 IoCs

pid	Process
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
2648	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
4080	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
2512	botnet2.0.exe
3432	botnet2.0.exe
3432	botnet2.0.exe
3432	botnet2.0.exe
3432	botnet2.0.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
20	pastebin.com
21	pastebin.com
47	pastebin.com
48	pastebin.com
50	pastebin.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\botnet2.0.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-131918955-2378418313-883382443-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{8193B661-F46B-41D8-A720-70A998BD8B45}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\botnet2.0.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 284749.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
4624	msedge.exe
4624	msedge.exe
3112	msedge.exe
3112	msedge.exe
4804	identity_helper.exe
4804	identity_helper.exe
3892	msedge.exe
3892	msedge.exe
2268	msedge.exe
2268	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4516	4624	msedge.exe	78
PID 4624 wrote to memory of 4516	4624	msedge.exe	78
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1360	4624	msedge.exe	79
PID 4624 wrote to memory of 1600	4624	msedge.exe	80
PID 4624 wrote to memory of 1600	4624	msedge.exe	80
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81
PID 4624 wrote to memory of 2812	4624	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1261405626748371025/1287153282405367818/botnet2.0.exe?ex=66f51fa8&is=66f3ce28&hm=a6a2228d7d54be2495f4109d4fd17e2d4f5b70fbecc8964ee9e9298b5ec9fb92&
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9e4d13cb8,0x7ff9e4d13cc8,0x7ff9e4d13cd8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6532 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7128 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,13152435156964589872,2479593696022301640,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3892

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1292

C:\Users\Admin\Downloads\botnet2.0.exe
"C:\Users\Admin\Downloads\botnet2.0.exe"
1⤵
- Executes dropped EXE
PID:1428
- C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\botnet2.0.exe
  C:\Users\Admin\Downloads\botnet2.0.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:4112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title botnet
    3⤵
    PID:1196

C:\Users\Admin\Downloads\botnet2.0.exe
"C:\Users\Admin\Downloads\botnet2.0.exe"
1⤵
- Executes dropped EXE
PID:2300
- C:\Users\Admin\AppData\Local\Temp\onefile_2300_133717543255639576\botnet2.0.exe
  C:\Users\Admin\Downloads\botnet2.0.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title botnet
    3⤵
    PID:2012

C:\Users\Admin\Downloads\botnet2.0.exe
"C:\Users\Admin\Downloads\botnet2.0.exe"
1⤵
- Executes dropped EXE
PID:3932
- C:\Users\Admin\AppData\Local\Temp\onefile_3932_133717543379472126\botnet2.0.exe
  C:\Users\Admin\Downloads\botnet2.0.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title botnet
    3⤵
    PID:2484

C:\Users\Admin\Downloads\botnet2.0.exe
"C:\Users\Admin\Downloads\botnet2.0.exe"
1⤵
- Executes dropped EXE
PID:5032
- C:\Users\Admin\AppData\Local\Temp\onefile_5032_133717543793491186\botnet2.0.exe
  C:\Users\Admin\Downloads\botnet2.0.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c
    3⤵
    PID:2188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c title botnet
    3⤵
    PID:4148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.3MB

MD5
99909144f10e3a09393719c20e482a2e

SHA1
83c5796401209e03f0f3760aed1b8d450cd121ab

SHA256
213110b94c9d1dd35fce360afc80174fa88a8e708454ee17df8d833ec62ed4bc

SHA512
e071212deabdc742b45db19bf16bc0018c1e19dea8d6ac39b99faf890851667fdce056c658d0331d1183bb4ad5dd46bcf27544d5a8ee73d679fcc439bb79a3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
4165560a1c354caedfcd37244fcdd0a0

SHA1
67c9b902e53c20235b036738886a44d12f0b05fd

SHA256
c6016bb5a94b15bc1b1fd867e79be6435fd6d5f98c2ce9f6ec9548b47de760cd

SHA512
f6bbe5211874ed73cc13802eaab9fcfea7b0e86071fce06c9755a86aaf9c62c8267af92ab656b9da3c53d3e23a9ed3352a1c18d85f02f1124480de6f45af717b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8da87a2174d4b171466ea652fa6fb639

SHA1
ecab13eca863c367004573c3cf79f6854e369162

SHA256
1bfc2d896fbdb578d764163363c188aa27f8e151cb1c2bb2d8366c1dc3d3f68b

SHA512
67913e915ca537a63720afbd0171e15132a6f5e5622941799d6710220b5fbd3cd40b9a66fe572e3324cdfcb87c55e5e0872cd1cf8f8c9cb42d0aecc42bdaab52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5dcff079c7ecd275b2fd20ce7d32c87b

SHA1
f3601f9a2aeda31fa24d296e9b1ded194dcbeed2

SHA256
2eb62d2f10d4ac5924834566809fe0c68ada88be9ee767a931e987abc9c12d7a

SHA512
feca2339484657cf66aaa3a145b880d123bfb00d808681ddda679da799e188eabbe0ddce9b0be17819e31769b5873a5b8078fee453bbf2e22f30a5367682aab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
891B

MD5
9d8b0734731d8ceb5341aaf5b7650fc5

SHA1
0c1efc592f51dd38696580e8dfa6a0a0a6f4cd62

SHA256
20fafa89f71d632b913c80aac43e1d54f10a601d1a687e429fac0ad4a380a990

SHA512
b5a3f366d3250c285c0d020c5e9dcf211710a39bd1163072e3fb25735b571a5abfb259ff82a24ea7368e853f4f5b6094f1b15e0fb27459c07b586d77051e18fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
924B

MD5
78e49ca57d52252e62350ee2230b41e4

SHA1
915b74cfe307c7d873f8e345323016534c3d1d5a

SHA256
e5268d91202bf02e2671c2ec136f27a393462dfe7e1de8040694fd776b843c3f

SHA512
e6340d5170a55dd4bef84469fbd1e781963189f08d68aa61069d1a95b1f69dce57a57bdba15241a0bf7477c4cce91a6f0c85899a0bb71b15efa6fb18e9265c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
557B

MD5
762473714cc0eed7df0733ea820dafed

SHA1
4ce4c1a04f7db2688398633b6a3efbc42d73e2aa

SHA256
45641f0be09cd8e3cf5824101e79ef766881d9bd168206f71b0e9251874f37bc

SHA512
47e3e6f6fe45db11507db3b9e86df14969ead21281a68b795ac392a19d6fd1f6a7f552fe0471e19a21bc255a05b4421bdb7af0ab17d15230b9e25c0f0bc2ec19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a948a7434f01965d9d5ec009a0acb554

SHA1
f977c22ad529cd82199151d4dda06d2929194daa

SHA256
b574e11f68ffb1a2b3666cc59c374487c50f5a563203fb3b26b13cdba1a0267b

SHA512
1173efb7e68a3d403651a11a5dffc75994883697c03bd461d125a7238fbe2c74be5df37568fdd82e6bdb44903b70c01df30e621143542bb50a3250eb7ec79083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b7ae1d7cf9df9fa344785f18e7fdbaf

SHA1
cbe744d7b685f3b6c986c4172cfbfc56e0d55f17

SHA256
18f205db75018d47c5c0681e6d26aa06aa859383d8bfd256affa148e84f3969a

SHA512
46aa5e1502f9050270252cfb4bdc7bfbd8cf6515f63f88d4a4c968275cd06ae1ddcd69471f598ce6156b45d4cdbf1ba9826e8b69fcfee1bf0cd5acb335b4efda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9bc52c6827d4b974d50ecdc332d895f9

SHA1
0fc7f3e4bf11fd8610a967ee9df0d4ccbb4f4f7b

SHA256
b4c40023c7551d0d16502a3a57a808c865452a4b18320584d463573bbd46875f

SHA512
02df64c2f8680339a14cfa9a4d8c642cc2c89dfbb6849adbe2bd0e2460e958a17cd957995058c3b9048dabc978726f163bae171da8369b77fe3b6191ce950f29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2f812af08a9df39bfdae9cb7d930e1e

SHA1
89751f3f2dcfa12545078bd55fbc5106e9c13303

SHA256
715960aeb1600743ff68129e21c4930e1eba7ed546035fea0ee12db3f062dc5b

SHA512
9d4a03c9dc84f24190940e320b24a4853b7bc76093743de34a68ca664f774a3fbf96f24fd7a52df5f88f4b7ca411f7e2e21100f5998109f0d33724ca3a39465e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
18679193a98848dc603860a743b9f254

SHA1
7c77eea48525cd7843ad6c8c257d145a501d5b5d

SHA256
e928a7340af24b97f6ddd50af57c6d61a51990f6548ce1183724ed00fb6864b0

SHA512
952f1a081ac6376009ade2a529996de5c229ac113f432a421e18ad5f31e64d7da84e187f1b731b0ad675572ece2fc03760de7b3dd5f41fac9ef6a71144495ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ec323d59f89f5263af00e6f54635732

SHA1
5da700c632f7dccd4b46ce0d9aa19a0c1fc1a250

SHA256
d8762a6ef260ee4c47e9d1bb9d6315ef44e08a7cf59468ec72da1d81688d4fe5

SHA512
dd1fd3f900aa89c396b157a99e43b0596debdbd7494455286ef733ce3e5eb627712c874870d0854a88a83725c01cf3b9b6c5af815f544535d452a780f1d64f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8ce17968d1b6db59cdc596eae9043ad

SHA1
3faf3ae964e6651b11e63aafb4a51445222c2a6a

SHA256
9d164898440b8671ad6e3af381cf0f09a25fa32f6b4b03ec97c5240b41e05159

SHA512
bd9beb5caa0743fa5a3eaa6d913f89b1116f92feaeef8b71acb48117ac53f0069cfbd8f0b677e23dd9268cf9ae6dae0f1032db07bd4fc184b0c06873bc64ae7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3dc3bb578e1141a79dd003ae2b121706

SHA1
0506b1e8e8de797d3db8c23389c35c6f8517d9a9

SHA256
e2261f0a4c5e1cc70495a403eff5a7eac631a429b07efc2821145188acd6bed7

SHA512
ed4f8db68a056557fd0f93ec24d11b31dc9112784fd01274bc7db12ab518a0597f6a00090840d7254c0dda9d8455378ccd60e8b195b796675c117aa3d7a2bf9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
44e59119543430e40ee263b1312fd403

SHA1
3d9101ec86c42fad010497c9cc41b0f968cca9a3

SHA256
0dc4fed6126fff52e9c22e95e7e591525256e7b09bd58be495787e486e7f1be9

SHA512
5a3163ba62173975f9b26789d560da9dd295be5347a823b43942b9f01098d7383d3b6447112a8bf40a4888b05fe2a1cc36e1d02ef38a7562e366912c4f2654c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595d87.TMP

Filesize
536B

MD5
3396b23e630e132fd6bf77bb2bcb6001

SHA1
fdf8b8c91195288356fd529c934dcea1c9475784

SHA256
ef1a032acb54bf1d0fcc1646e294da56ee8500b01b46c3d958f468e38467ee85

SHA512
00836da08c1922afea9fc5dc482226f47cda32350e2ebf3304ab6d591e31002e95025aa41c8f4f630bca3ea195bfe894cebb4557751277428c9e19083da65d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4c948b6f5d3331c5d09926bd4d59c919

SHA1
5f7dcf4f9b6e20176fe9fc7396b5b5cc4a5218ce

SHA256
e1bc925584c0de4b42d7fc88d4dcff45d1bde8f2f3b9fcf9154aece9456eba66

SHA512
55f2eb169243783bc3bd24026a6e40ca39aee05e46b4e5c56538de94a2446cf74c8f41707dc5031b98336f268820933570103b2349ae72e120b078cacb22ec92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2687ffc49674990526fcf24f9ce1f3c5

SHA1
d1bbcbf016b16e64c9b119174f00eecb5f933f02

SHA256
0d4cbfea9d8f252e119860b8ff18f93c57b34817f9d81ce8b49fef0958660c06

SHA512
42483be9599b7d214fa811077908a980967869bca86310b9d65af5f81061e9e66a446903013f0975bf84755825a89571d2a38509032b99e844f55ebe37fcc699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebbbfba7b5110fc966339b967021d8e2

SHA1
2b53cf8f4096b470e9d12df5bdd5da5195abf65c

SHA256
d1c6004a775907a12eeedace0f5973b9c220d22b1dc3b291afb9d93df212a5f5

SHA512
6eab87a5940c6b9477bfb70d24f3bb6a4459f0082c0e82a850c0b34cca8ea95212bc93a42701c9edbdc1e78ea960588f20d2dbaa72999b3ec0d3d9d0d62b30aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ssl.pyd

Filesize
174KB

MD5
6a2b0f8f50b47d05f96deff7883c1270

SHA1
2b1aeb6fe9a12e0d527b042512fc8890eedb10d8

SHA256
68dad60ff6fb36c88ef1c47d1855517bfe8de0f5ddea0f630b65b622a645d53a

SHA512
a080190d4e7e1abb186776ae6e83dab4b21a77093a88fca59ce1f63c683f549a28d094818a0ee44186ddea2095111f1879008c0d631fc4a8d69dd596ef76ca37

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\certifi\cacert.pem

Filesize
284KB

MD5
181ac9a809b1a8f1bc39c1c5c777cf2a

SHA1
9341e715cea2e6207329e7034365749fca1f37dc

SHA256
488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee

SHA512
e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\charset_normalizer\md__mypyc.pyd

Filesize
120KB

MD5
bf9a9da1cf3c98346002648c3eae6dcf

SHA1
db16c09fdc1722631a7a9c465bfe173d94eb5d8b

SHA256
4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637

SHA512
7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\zstandard\backend_c.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_bz2.pyd

Filesize
83KB

MD5
dd26ed92888de9c57660a7ad631bb916

SHA1
77d479d44d9e04f0a1355569332233459b69a154

SHA256
324268786921ec940cbd4b5e2f71dafd08e578a12e373a715658527e5b211697

SHA512
d693367565005c1b87823e781dc5925146512182c8d8a3a2201e712c88df1c0e66e65ecaec9af22037f0a8f8b3fb3f511ea47cfd5774651d71673fab612d2897

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_ctypes.pyd

Filesize
122KB

MD5
c8afa1ebb28828e1115c110313d2a810

SHA1
1d0d28799a5dbe313b6f4ddfdb7986d2902fa97a

SHA256
8978972cf341ccd0edf8435d63909a739df7ef29ec7dd57ed5cab64b342891f0

SHA512
4d9f41bd23b62600d1eb097d1578ba656b5e13fd2f31ef74202aa511111969bb8cfc2a8e903de73bd6e63fadaa59b078714885b8c5b8ecc5c4128ff9d06c1e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_hashlib.pyd

Filesize
64KB

MD5
d19cb5ca144ae1fd29b6395b0225cf40

SHA1
5b9ec6e656261ce179dfcfd5c6a3cfe07c2dfeb4

SHA256
f95ec2562a3c70fb1a6e44d72f4223ce3c7a0f0038159d09dce629f59591d5aa

SHA512
9ac3a8a4dbdb09be3760e7ccb11269f82a47b24c03d10d289bcdded9a43e57d3cd656f8d060d66b810382ecac3a62f101f83ea626b58cd0b5a3cca25b67b1519

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_lzma.pyd

Filesize
156KB

MD5
8cfbafe65d6e38dde8e2e8006b66bb3e

SHA1
cb63addd102e47c777d55753c00c29c547e2243c

SHA256
6d548db0ab73291f82cf0f4ca9ec0c81460185319c8965e829faeacae19444ff

SHA512
fa021615d5c080aadcd5b84fd221900054eb763a7af8638f70cf6cd49bd92773074f1ac6884f3ce1d8a15d59439f554381377faee4842ed5beb13ff3e1b510f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_queue.pyd

Filesize
31KB

MD5
7d91dd8e5f1dbc3058ea399f5f31c1e6

SHA1
b983653b9f2df66e721ece95f086c2f933d303fc

SHA256
76bba42b1392dc57a867aef385b990fa302a4f1dcf453705ac119c9c98a36e8d

SHA512
b8e7369da79255a4bb2ed91ba0c313b4578ee45c94e6bc74582fc14f8b2984ed8fcda0434a5bd3b72ea704e6e8fd8cbf1901f325e774475e4f28961483d6c7cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_socket.pyd

Filesize
81KB

MD5
e43aed7d6a8bcd9ddfc59c2d1a2c4b02

SHA1
36f367f68fb9868412246725b604b27b5019d747

SHA256
2c2a6a6ba360e38f0c2b5a53b4626f833a3111844d95615ebf35be0e76b1ef7a

SHA512
d92e26eb88db891de389a464f850a8da0a39af8a4d86d9894768cb97182b8351817ce14fe1eb8301b18b80d1d5d8876a48ba66eb7b874c7c3d7b009fcdbc8c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\_wmi.pyd

Filesize
36KB

MD5
bed7b0ced98fa065a9b8fe62e328713f

SHA1
e329ebca2df8889b78ce666e3fb909b4690d2daa

SHA256
5818679010bb536a3d463eeee8ce203e880a8cd1c06bf1cb6c416ab0dc024d94

SHA512
c95f7bb6ca9afba50bf0727e971dff7326ce0e23a4bfa44d62f2ed67ed5fede1b018519dbfa0ed3091d485ed0ace68b52dd0bb2921c9c1e3bc1fa875cd3d2366

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\botnet2.0.exe

Filesize
13.3MB

MD5
759a81f16e7dee88ae71556c344b5cc9

SHA1
4ece1dc2ec36d4d02a9ba33e683b60d7e5e69df5

SHA256
f3bc79fc5cbd1d5dc2ae94856bbdc68402fb98dc9cafe712665201cf3d37a6bb

SHA512
959c68768300afb272722b58b215da1c1496b6b5f5f56d85fe0e5f527279dda237358c0909ddfc08806e958f08b3d89326f03f9ad83924236297d7fd2fa3b817

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\charset_normalizer\md.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\select.pyd

Filesize
30KB

MD5
79ce1ae3a23dff6ed5fc66e6416600cd

SHA1
6204374d99144b0a26fd1d61940ff4f0d17c2212

SHA256
678e09ad44be42fa9bc9c7a18c25dbe995a59b6c36a13eecc09c0f02a647b6f0

SHA512
a4e48696788798a7d061c0ef620d40187850741c2bec357db0e37a2dd94d3a50f9f55ba75dc4d95e50946cbab78b84ba1fc42d51fd498640a231321566613daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\unicodedata.pyd

Filesize
1.1MB

MD5
b848e259fabaf32b4b3c980a0a12488d

SHA1
da2e864e18521c86c7d8968db74bb2b28e4c23e2

SHA256
c65073b65f107e471c9be3c699fb11f774e9a07581f41229582f7b2154b6fc3c

SHA512
4c6953504d1401fe0c74435bceebc5ec7bf8991fd42b659867a3529cee5cc64da54f1ab404e88160e747887a7409098f1a85a546bc40f12f0dde0025408f9e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1428_133717541843881812\vcruntime140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3932_133717543379472126\_decimal.pyd

Filesize
251KB

MD5
cea3b419c7ca87140a157629c6dbd299

SHA1
7dbff775235b1937b150ae70302b3208833dc9be

SHA256
95b9850e6fb335b235589dd1348e007507c6b28e332c9abb111f2a0035c358e5

SHA512
6e3a6781c0f05bb5182073cca1e69b6df55f05ff7cdcea394bacf50f88605e2241b7387f1d8ba9f40a96832d04f55edb80003f0cf1e537a26f99408ee9312f5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3932_133717543379472126\python3.dll

Filesize
66KB

MD5
8dbe9bbf7118f4862e02cd2aaf43f1ab

SHA1
935bc8c5cea4502d0facf0c49c5f2b9c138608ed

SHA256
29f173e0147390a99f541ba0c0231fdd7dfbca84d0e2e561ef352bf1ec72f5db

SHA512
938f8387dcc356012ac4a952d371664700b110f7111fcc24f5df7d79791ae95bad0dbaf77d2d6c86c820bfd48a6bdbe8858b7e7ae1a77df88e596556c7135ed4

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3932_133717543379472126\zstandard\_cffi.pyd

Filesize
635KB

MD5
afa2b9e9c7153750794acfdf4bd0e416

SHA1
19c521d35dcf6bc1546e11ece12904043be16fdb

SHA256
14db1d573f7ba8f41563bbc7cda6f1a46e5f86c1b7096d298593971a0b1c6c60

SHA512
38e2ec7f45c6ac7cbc0d5ab7ca94ddf47fc72067507d699fa32f42aa8a4187579724645e45042929140c832c83457011ef83914e397d6f8713a6e018b2823c6b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 284749.crdownload

Filesize
8.5MB

MD5
9726aa0623906fc131af497e573e7230

SHA1
bd26ce98a85a4ecc982642e2fd50ab28cbb9b97d

SHA256
e57278c82a101036e1516791346484a1afc18493aca46c21c4d8a2f9f423c91a

SHA512
013f2987bcb686c5add6a18b1b6ff70dc76399d725a5ef38a49969309b6803cc37ca6d97526487156a5fe75cac1a819f555039e2c76c5c52983fdb316428dcc0

Download Submit
memory/1428-479-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download
memory/1428-168-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download
memory/2300-509-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download
memory/2512-550-0x00007FF7EECB0000-0x00007FF7EFA1F000-memory.dmp

Filesize
13.4MB

Download
memory/2512-549-0x00007FF7EECB0000-0x00007FF7EFA1F000-memory.dmp

Filesize
13.4MB

Download
memory/2512-536-0x00007FF7EECB0000-0x00007FF7EFA1F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-472-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-474-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-461-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-180-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-169-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-182-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/2648-475-0x00007FF74F9C0000-0x00007FF75072F000-memory.dmp

Filesize
13.4MB

Download
memory/3432-587-0x00007FF79AA70000-0x00007FF79B7DF000-memory.dmp

Filesize
13.4MB

Download
memory/3432-589-0x00007FF79AA70000-0x00007FF79B7DF000-memory.dmp

Filesize
13.4MB

Download
memory/3432-581-0x00007FF79AA70000-0x00007FF79B7DF000-memory.dmp

Filesize
13.4MB

Download
memory/3432-967-0x00007FF79AA70000-0x00007FF79B7DF000-memory.dmp

Filesize
13.4MB

Download
memory/3932-554-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download
memory/3932-535-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download
memory/4080-505-0x00007FF712410000-0x00007FF71317F000-memory.dmp

Filesize
13.4MB

Download
memory/5032-580-0x00007FF78D550000-0x00007FF78DDF6000-memory.dmp

Filesize
8.6MB

Download