Analysis

  • max time kernel
    406s
  • max time network
    469s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win11-20241007-en locale:en-us os:windows11-21h2-x64 system
  • submitted
    08-11-2024 23:43

General

  • Target

    GbzzvH9bwAI8gEC.jpg

  • Size

    50KB

  • MD5

    0a377a3b32363c1590c9462b3c02cf68

  • SHA1

    d40852727460f977e31cf2ce530fec79a8137cee

  • SHA256

    f0640d8f08579e40d072e5bc685136ac37a3b2cbca120314480a40fd3ecb16c8

  • SHA512

    409b2cef08253c59ce7f3c89d841e8df15f1919190f6faf40db42aca250518049ff321326e6c816cf2fc869941f056d7cb293bbeb03ea1949a5813770fb50a33

  • SSDEEP

    1536:+lp7qIJp1xMxxD6PGWNwvFr1MHeIJ2f17:wR9ExMJuvF++IJ2fp

Score
8/10

Malware Config

Signatures

  • Possible privilege escalation attempt 2 IoCs
  • Modifies file permissions 1 TTPs 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 4 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\GbzzvH9bwAI8gEC.jpg
    1⤵
      PID:2008
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2308
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\delsys32.txt
        1⤵
        • Opens file in notepad (likely ransom note)
        PID:4928
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
        1⤵
          PID:2028
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
          1⤵
            PID:4480
          • C:\Windows\System32\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delsys32.bat"
            1⤵
              PID:2200
            • C:\Windows\system32\NOTEPAD.EXE
              "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\delsys32.txt
              1⤵
              • Opens file in notepad (likely ransom note)
              PID:4492
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
              1⤵
                PID:3380
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delsys32.bat" "
                1⤵
                  PID:4848
                • C:\Windows\System32\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delsys32.bat"
                  1⤵
                    PID:1492
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                    1⤵
                    • Suspicious use of WriteProcessMemory
                    PID:4780
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe"
                      2⤵
                      • Checks processor information in registry
                      • Modifies registry class
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SetWindowsHookEx
                      • Suspicious use of WriteProcessMemory
                      PID:4384
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9a39d2e-e0b6-47ad-960f-28e99d09f48a} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" gpu
                        3⤵
                          PID:1656
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2304 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d71576-cfd3-4caa-95c2-cb676404fab0} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" socket
                          3⤵
                            PID:1780
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 1 -isForBrowser -prefsHandle 1460 -prefMapHandle 1352 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcfbec87-a2db-41f0-aa3d-7645ab861b9c} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                            3⤵
                              PID:1088
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3884 -childID 2 -isForBrowser -prefsHandle 3876 -prefMapHandle 3872 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ad2ea58-bf88-48b5-82bf-c7a4343aa96e} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                              3⤵
                                PID:3052
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4900 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c77ac1c2-96aa-449c-99e5-20472b0fc681} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" utility
                                3⤵
                                • Checks processor information in registry
                                PID:4848
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5316 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5252 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2319e067-b376-4e58-9bff-8283da2987e5} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                                3⤵
                                  PID:1800
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28d0a5aa-a432-4db1-ba1c-7dca2c4f0c90} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                                  3⤵
                                    PID:3548
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5720 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5648 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1cf06db-11aa-4eed-a464-142d32da0e85} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                                    3⤵
                                      PID:2040
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6128 -prefMapHandle 6072 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35b05a95-6a03-4260-b234-7c41267d129e} 4384 "\\.\pipe\gecko-crash-server-pipe.4384" tab
                                      3⤵
                                        PID:2496
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                    1⤵
                                    • Enumerates system info in registry
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                    • Suspicious use of FindShellTrayWindow
                                    • Suspicious use of SendNotifyMessage
                                    PID:4184
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8df5c3cb8,0x7ff8df5c3cc8,0x7ff8df5c3cd8
                                      2⤵
                                        PID:2828
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
                                        2⤵
                                          PID:784
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:1400
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
                                          2⤵
                                            PID:3316
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
                                            2⤵
                                              PID:5044
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                                              2⤵
                                                PID:4068
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                                                2⤵
                                                  PID:5172
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
                                                  2⤵
                                                    PID:5184
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
                                                    2⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:5320
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
                                                    2⤵
                                                      PID:5536
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
                                                      2⤵
                                                        PID:5696
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
                                                        2⤵
                                                          PID:5340
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
                                                          2⤵
                                                            PID:5456
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
                                                            2⤵
                                                              PID:5708
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
                                                              2⤵
                                                                PID:5716
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5284 /prefetch:8
                                                                2⤵
                                                                  PID:6064
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:1420
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                                                                  2⤵
                                                                    PID:5696
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6396 /prefetch:8
                                                                    2⤵
                                                                    • NTFS ADS
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6024
                                                                  • C:\Windows\system32\cmd.exe
                                                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\delete.bat" "
                                                                    2⤵
                                                                      PID:3416
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6212 /prefetch:2
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:5384
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                                                      2⤵
                                                                        PID:6024
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,13414942040238935522,1956879103818144507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3220 /prefetch:8
                                                                        2⤵
                                                                        • NTFS ADS
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:5372
                                                                      • C:\Windows\system32\cmd.exe
                                                                        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\death.bat" "
                                                                        2⤵
                                                                          PID:3416
                                                                          • C:\Windows\system32\net.exe
                                                                            net session
                                                                            3⤵
                                                                              PID:1684
                                                                              • C:\Windows\system32\net1.exe
                                                                                C:\Windows\system32\net1 session
                                                                                4⤵
                                                                                  PID:240
                                                                              • C:\Windows\system32\takeown.exe
                                                                                takeown /f C:\Windows\System32 /r /d y
                                                                                3⤵
                                                                                • Possible privilege escalation attempt
                                                                                • Modifies file permissions
                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                PID:3712
                                                                              • C:\Windows\system32\icacls.exe
                                                                                icacls C:\Windows\System32 /grant administrators:F /t
                                                                                3⤵
                                                                                • Possible privilege escalation attempt
                                                                                • Modifies file permissions
                                                                                PID:3092
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:2640
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:4644
                                                                              • C:\Windows\System32\cmd.exe
                                                                                "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\delete.bat"
                                                                                1⤵
                                                                                  PID:4880
                                                                                • C:\Windows\explorer.exe
                                                                                  explorer.exe
                                                                                  1⤵
                                                                                    PID:1732

                                                                                  Network

                                                                                  MITRE ATT&CK Enterprise v15

                                                                                  Downloads

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                    Filesize

                                                                                    152B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                    Filesize

                                                                                    37KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                    Filesize

                                                                                    20KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                    Filesize

                                                                                    38KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

                                                                                    Filesize

                                                                                    19KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

                                                                                    Filesize

                                                                                    22KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\79904d0900a83e0a_0

                                                                                    Filesize

                                                                                    10KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f299668f7f337ff0_0

                                                                                    Filesize

                                                                                    20KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f3228217b39896be_0

                                                                                    Filesize

                                                                                    57KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    2KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                    Filesize

                                                                                    2KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                    Filesize

                                                                                    649B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    5KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    5KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                    Filesize

                                                                                    6KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    874B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    874B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                    Filesize

                                                                                    874B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bcd30.TMP

                                                                                    Filesize

                                                                                    706B

                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                    Filesize

                                                                                    16B


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                    Filesize

                                                                                    16B


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    11KB


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    11KB


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    11KB


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    10KB


                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                    Filesize

                                                                                    10KB


                                                                                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\activity-stream.discovery_stream.json

                                                                                    Filesize

                                                                                    19KB


                                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                                                                    Filesize

                                                                                    479KB


                                                                                  • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                                                                    Filesize

                                                                                    13.8MB


                                                                                  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4DCB4SHXUOSOAN2JOZO3.temp

                                                                                    Filesize

                                                                                    7KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

                                                                                    Filesize

                                                                                    6KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

                                                                                    Filesize

                                                                                    6KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\AlternateServices.bin

                                                                                    Filesize

                                                                                    8KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

                                                                                    Filesize

                                                                                    5KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

                                                                                    Filesize

                                                                                    6KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\db\data.safe.tmp

                                                                                    Filesize

                                                                                    6KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\0e01d9ff-4a14-45ed-bf59-632532de59b3

                                                                                    Filesize

                                                                                    671B


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\44bbea4f-422c-4d03-b58a-87d04deff60a

                                                                                    Filesize

                                                                                    982B


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\datareporting\glean\pending_pings\c3fb2572-79b1-4950-b961-3c01b30e12d9

                                                                                    Filesize

                                                                                    25KB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                                                                    Filesize

                                                                                    1.1MB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                                                                    Filesize

                                                                                    116B


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                                                                    Filesize

                                                                                    372B


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                                                                    Filesize

                                                                                    17.8MB


                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs-1.js

                                                                                    Filesize

                                                                                    11KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\prefs.js

                                                                                    Filesize

                                                                                    10KB

                                                                                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ohbz3gv9.default-release\sessionstore-backups\recovery.baklz4

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 194848.crdownload

                                                                                    Filesize

                                                                                    1KB

                                                                                  • C:\Users\Admin\Downloads\Unconfirmed 606051.crdownload

                                                                                    Filesize

                                                                                    34B

                                                                                  • C:\Users\Admin\Downloads\delete.bat:Zone.Identifier

                                                                                    Filesize

                                                                                    55B

                                                                                  • C:\Users\Admin\Downloads\delsys32.bat

                                                                                    Filesize

                                                                                    33B

                                                                                  • C:\Users\Admin\Downloads\delsys32.bat

                                                                                    Filesize

                                                                                    42B

                                                                                  • \??\pipe\LOCAL\crashpad_4184_IHYPEVBZHFWQDXXV
