asyncrat | cd6b375afc5bc9712d70713c229efe8d51084675ca7e06d77c673cff01b6c69a

Analysis

max time kernel
759s
max time network
769s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
16-11-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

juepta.exe
Size

45KB
MD5

f5f5c83965ddca843cc1aaf6e8a708b9
SHA1

491eddac26eeb7d9ea491cbf16ba241fcbd60ba8
SHA256

cd6b375afc5bc9712d70713c229efe8d51084675ca7e06d77c673cff01b6c69a
SHA512

f1243de2f0b7ce3f559e090ebf441143ac3642114b753d27bb0d9648d07c67480ddebe9ac458c302b8c90a94ae48a4869e5f90141444de5ec444ac9ec8eab12b
SSDEEP

768:9u50dTtQpVBTWU/fShmo2qgQZo3TMtPIQWjbBgX3i512BZuGdit3iqCBDZXx:9u50dTt0y28U3QabuXS512BZuGQ2dXx

Score

10^/10

asyncrat default discovery phishing rat spyware stealer

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808

127.0.0.1:4782

127.0.0.1:3425

Cristopher11sa-62565.portmap.host:6606

Cristopher11sa-62565.portmap.host:7707

Cristopher11sa-62565.portmap.host:8808

Cristopher11sa-62565.portmap.host:4782

Cristopher11sa-62565.portmap.host:3425

190.104.116.8:6606

190.104.116.8:7707

190.104.116.8:8808

190.104.116.8:4782

190.104.116.8:3425

azxq0ap.localto.net:6606

azxq0ap.localto.net:7707

azxq0ap.localto.net:8808

azxq0ap.localto.net:4782

azxq0ap.localto.net:3425

Mutex

E2qgtjRHaRSi

Attributes

delay
3
install
false
install_file
Java updater.exe
install_folder
%AppData%

aes.plain

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
A potential corporate email address has been identified in the URL: [email protected]
phishing
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2a74938e-8228-476e-858a-51fd0fc67bdc.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241116225953.pma	setup.exe

Drops file in Windows directory 2 IoCs

Processes:

chrome.exemspaint.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cvtres.execvtres.exejuepta.execvtres.execsc.exewhoami.execvtres.execsc.execvtres.execsc.execsc.execsc.execsc.execvtres.execmd.execsc.execvtres.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	juepta.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	whoami.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	csc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cvtres.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133762716672482690"	chrome.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

juepta.exe

pid process

3980 juepta.exe
3980 juepta.exe
3980 juepta.exe

pid	process
3980	juepta.exe
3980	juepta.exe
3980	juepta.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exemspaint.exejuepta.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1088	msedge.exe
1088	msedge.exe
3920	msedge.exe
3920	msedge.exe
1900	msedge.exe
1900	msedge.exe
4772	identity_helper.exe
4772	identity_helper.exe
1968	msedge.exe
1968	msedge.exe
1992	msedge.exe
1992	msedge.exe
3328	msedge.exe
3328	msedge.exe
5528	msedge.exe
5528	msedge.exe
5900	msedge.exe
5900	msedge.exe
5644	msedge.exe
5644	msedge.exe
7924	identity_helper.exe
7924	identity_helper.exe
3544	chrome.exe
3544	chrome.exe
5176	mspaint.exe
5176	mspaint.exe
3980	juepta.exe
3980	juepta.exe
3980	juepta.exe
3980	juepta.exe
2096	msedge.exe
2096	msedge.exe
6268	msedge.exe
6268	msedge.exe
3988	msedge.exe
3988	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

juepta.exe

pid process

3980 juepta.exe

pid	process
3980	juepta.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exe

pid	process
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3328	msedge.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
6268	msedge.exe
6268	msedge.exe
6268	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

juepta.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	3980	juepta.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe
Token: SeCreatePagefilePrivilege	3544	chrome.exe
Token: SeShutdownPrivilege	3544	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exemsedge.exechrome.exemsedge.exemsedge.exe

pid	process
1900	msedge.exe
1900	msedge.exe
3328	msedge.exe
3328	msedge.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
6268	msedge.exe
6268	msedge.exe
4864	msedge.exe
4864	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe
3544	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

juepta.exemspaint.exe

pid process

3980 juepta.exe
3980 juepta.exe
3980 juepta.exe
5176 mspaint.exe
5176 mspaint.exe
5176 mspaint.exe
5176 mspaint.exe

pid	process
3980	juepta.exe
3980	juepta.exe
3980	juepta.exe
5176	mspaint.exe
5176	mspaint.exe
5176	mspaint.exe
5176	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

juepta.execsc.execsc.exemsedge.exemsedge.exe

description	pid	process	target process
PID 3980 wrote to memory of 4200	3980	juepta.exe	csc.exe
PID 3980 wrote to memory of 4200	3980	juepta.exe	csc.exe
PID 3980 wrote to memory of 4200	3980	juepta.exe	csc.exe
PID 4200 wrote to memory of 3468	4200	csc.exe	cvtres.exe
PID 4200 wrote to memory of 3468	4200	csc.exe	cvtres.exe
PID 4200 wrote to memory of 3468	4200	csc.exe	cvtres.exe
PID 3980 wrote to memory of 2252	3980	juepta.exe	csc.exe
PID 3980 wrote to memory of 2252	3980	juepta.exe	csc.exe
PID 3980 wrote to memory of 2252	3980	juepta.exe	csc.exe
PID 2252 wrote to memory of 4128	2252	csc.exe	cvtres.exe
PID 2252 wrote to memory of 4128	2252	csc.exe	cvtres.exe
PID 2252 wrote to memory of 4128	2252	csc.exe	cvtres.exe
PID 3980 wrote to memory of 1900	3980	juepta.exe	msedge.exe
PID 3980 wrote to memory of 1900	3980	juepta.exe	msedge.exe
PID 1900 wrote to memory of 2816	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 2816	1900	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4388	3980	juepta.exe	msedge.exe
PID 3980 wrote to memory of 4388	3980	juepta.exe	msedge.exe
PID 4388 wrote to memory of 3132	4388	msedge.exe	msedge.exe
PID 4388 wrote to memory of 3132	4388	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 436	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1088	1900	msedge.exe	msedge.exe
PID 1900 wrote to memory of 1088	1900	msedge.exe	msedge.exe
PID 4388 wrote to memory of 856	4388	msedge.exe	msedge.exe
PID 4388 wrote to memory of 856	4388	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\juepta.exe
"C:\Users\Admin\AppData\Local\Temp\juepta.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3980
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\f4d0lqqj\f4d0lqqj.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4200
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4E12.tmp" "c:\Users\Admin\AppData\Local\Temp\f4d0lqqj\CSCDBC43F83A24540899065537D2A587AD.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3468
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ava24lot\ava24lot.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFD9B.tmp" "c:\Users\Admin\AppData\Local\Temp\ava24lot\CSCDAB91B592D8F4A2298D361388DB9A4D.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.example.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:4480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
    3⤵
    PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:3080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x228,0x254,0x7ff75b635460,0x7ff75b635470,0x7ff75b635480
      4⤵
      PID:1064
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12616516407012792364,12938419879755391400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.example.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:3132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13610424637941803555,96680702443645698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13610424637941803555,96680702443645698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3920
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\bb4cl3ei\bb4cl3ei.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:828
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5149.tmp" "c:\Users\Admin\AppData\Local\Temp\bb4cl3ei\CSCFE823CCADAF42DAB97486C51B34119.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:2856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:3744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
    3⤵
    PID:5472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    3⤵
    PID:5960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
    3⤵
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
    3⤵
    PID:5204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
    3⤵
    PID:6224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:6404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
    3⤵
    PID:6556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
    3⤵
    PID:6716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
    3⤵
    PID:6884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
    3⤵
    PID:7080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
    3⤵
    PID:6220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
    3⤵
    PID:7092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
    3⤵
    PID:7200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
    3⤵
    PID:7376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
    3⤵
    PID:7552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
    3⤵
    PID:7708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
    3⤵
    PID:7876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
    3⤵
    PID:8056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
    3⤵
    PID:7252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
    3⤵
    PID:7888
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
    3⤵
    PID:5404
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11464385863960387586,4179652114507231325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:4220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7884856171250210614,14785067703886896003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:3096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7884856171250210614,14785067703886896003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,9308112426975583425,5983434574790703977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:1708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7732441897282608276,13744409679036272975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:3952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1428,8740410430880132178,8459153319485760121,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:5884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:5820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x114,0x150,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x84,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:7900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:8076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:8088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/
  2⤵
  PID:6236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7208
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\rm2yhqqc\rm2yhqqc.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7088
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C42.tmp" "c:\Users\Admin\AppData\Local\Temp\rm2yhqqc\CSC43768E0970A34E19994FF96A3E5759C9.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3908
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x2pzk2ov\x2pzk2ov.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6284
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9A1B.tmp" "c:\Users\Admin\AppData\Local\Temp\x2pzk2ov\CSC4AF3A17081DB409C84D521EB5D8F926.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5152
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\00vc05vn\00vc05vn.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5748
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCA00.tmp" "c:\Users\Admin\AppData\Local\Temp\00vc05vn\CSCB0C44A2E55014EB5A44FCECCB83AF4A2.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6140
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\40i31dmr\40i31dmr.cmdline"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1196
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCDA5.tmp" "c:\Users\Admin\AppData\Local\Temp\40i31dmr\CSC2473616860F84C16A1751CE3A499F7C9.TMP"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6392
- C:\Windows\SysWOW64\cmd.exe
  "cmd"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4512
- - C:\Windows\SysWOW64\whoami.exe
    whoami
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.womenass.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:6268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:7844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:6748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    3⤵
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:5248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    3⤵
    PID:6652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17601594177141856102,5936680895407849332,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.seevagina.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc0b946f8,0x7ffbc0b94708,0x7ffbc0b94718
    3⤵
    PID:3152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
    3⤵
    PID:1296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
    3⤵
    PID:7924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,8982477015729556526,8977146356255627328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
    3⤵
    PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffbb8dfcc40,0x7ffbb8dfcc4c,0x7ffbb8dfcc58
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2108,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1872,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:5576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3176,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3728,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4432,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4956,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4996 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3448,i,13056490622678608890,1077928476594379289,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:8036

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1432

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7656

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Documents\Screenshot.png"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
e34b3ab4ea53c6d5a01d1b51521eb189

SHA1
3573ab0b32e64e13c5e684f84e81b1795a6f2c01

SHA256
5a42f5ee06afdd9cd1cccda0f21700740e00dd6729424c4581ce4be753fa6a55

SHA512
997b4d68b46a9b51a59bf17884142782d80212d013152d7fe7a7a2faa7b855d40f04da81534f0a018cf0a82a00eb2229bddd2b9ce9317ddb88d37e389c01c8c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
9eb429563d4187b5a6879559645b380a

SHA1
5e559b14662ab3a3d08ca6c4da31f61f3a2b7347

SHA256
3c8ec56b49e7d964bb106de2d34fdea073786a09f607d14ae5fcaeff216d6856

SHA512
b40c0e4d596b4f94f39a31613826d4cf3da6558a8c67549ffee758c16691013c9e31db8a576127f86d922409c4e230f9554cee88675404edf3ef80f8035904e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50490ba6-d290-41f4-a7ba-a618381d5c2e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
819b361c6fd587d9e7b6e820ce1b059c

SHA1
b6aeaeaf5051ac3a2624b09052d82540f556f0f3

SHA256
aad635e4d2219d6a1fdbd5cd2d55a9c1a2294fb70a17729a2915919b40b74258

SHA512
da9e507b015293f0b8d60b359bb59965fad06826a67a086d76affabe229587773647c4a17827ad6c87ed05e332e716f540d3dc2f0ae52d96bb93ed2ef366b040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
999a0517b2ef198bc0764ccd9513bccf

SHA1
e1a010bcbe9d85d372336d93289fe8c23da95e5b

SHA256
3e1ed5fb325e2f7422449b2bbe53b83e96f4263e5a785d64c17667e62317a61d

SHA512
c2904748fa5a2319d944117b03cb779969b4e33d76a7b2c4663a2a331145c904488b45983b50c1bc5049e3d1bc697efd7d1f95637fbfe2a1ddf8ed695a78a66e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
68cd0bee3773b44792bcb2d51b932529

SHA1
b0787fb22a1945a11da36c980ef363246d632b6b

SHA256
53452cfdc26368e9cc39fae91d9b582b8373e28464a3f8622489a16e8ad07c41

SHA512
55757787ea89b251d20f02fc160e25e088d7cb85426eae0d3aeeef340c49f7d449ef8aa071a5eed33fc5c105b33d905d768020b1aa495c9e3cfd7aa30ec312ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
e207f9ca2592677987ed2a71cfa65d84

SHA1
e6181c40176bf7a18fc260cca1e42906a16c1ef7

SHA256
e2063746a95665fd3cd3a7d567a5f6cdc9a8dfde0cddd3638f6331a2a411e395

SHA512
70c9f68474550a36d9b103578298e13e4718d0a122d3267c91f839a56194af2bc99f719a0eabceceee83adb3b7d4532b50284a23a13684510f56bd240b783e02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ed06a0e7b67f24fef0a19bc60f0a1d2

SHA1
775252249c645e0d779663a320a478d1a15986df

SHA256
fb9c88d198c07cf5ef7fc186730a323f0aa09052ae11e17e1ca58d203b185c7c

SHA512
3aeacd9a19d16fa26c2d1a8a8f9d81bec3e3f2f6ffaa5d50a7dfd56f9d8e6253d87c03c63d35694d2439480f7c96bc620815c955a8c273da440d05d798788c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d95ed135681eaeec6e4122646706c10c

SHA1
281432bde0a5c262efd21c11d5250ea59d5ef684

SHA256
1de4f95024c4783504c76827276d6f44e7b7dd4b9634b9ee742bc302f22874cb

SHA512
ec055473aba6bda71d3aab0e78a117b392f82bb893159fb8238c8c06c8583591fac583c950ebfb5e901e1934d2fadbc9e8d9ce77639fb6ab793532d1338146fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e129d3eee39373777af530aba2b4a0a6

SHA1
688ccae03f4c5fb7604392a5fa56eb6df2d03991

SHA256
8be5ab8543ea082d2cb0fb71088efa8044ef742ebca9563469c7b2552cf9cc92

SHA512
b25ba07c1067d3dda3195286cc906ebc224d1790b3a48b3eb5f9128310013d2f2e5f0fc977bf5a511267ea429e1a2f958ec9ad35b98a5df76215a81079762b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5649849a7c847ec4664d5808c6001260

SHA1
d2235fdc10c11b4e4ca17ae82ad90837aa744ec7

SHA256
4e4ce64f27543c6851b440aefd34091d0d460ed390054ac58b9a41cf131e04bc

SHA512
3190d86737e29efb78952012e7fb7290e1559da7d8a7976d96093a7d719a644c51dc2f612ecefd7e04466a7ecfb8c3283af75a3fd7647981c0378cb69ed25ac2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
8ffa31c547f4d5395eeac853a8773bf0

SHA1
4d0fcf12d991cc0a48a2f9e10ad57ef9f770a3fa

SHA256
6987e4ab639f20120693fa2e194b47f60413b2a0d5d521b86a28fe4f9fff2a17

SHA512
182513fcb04d2722f88ea7b62b011b2ec23af41b533b2c58a7410d5f47701d138bf2616cda4c24afd89c2dc99cf54dd259cac91dd00757e3e10ddc922b63604c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
f56bb764cb7916206020d82ab793d0b9

SHA1
097d2937820ec51717ec8d9e429248b28e8ec3af

SHA256
1b78acc23d14664dd0378f10c59f70ee560d84c0e7138a4064d24392eea50bf9

SHA512
660b8bb3c26c85c9c6704875506389bc933f11cba88fa5c1ed5186380b8d0ce897e2523bb7de5c2de65ab8d98339cd544d4b847a51f17b1be92d2ee5cc96c726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
493ced3731df92b7bef2a27c1101577f

SHA1
7e5bedbc289b280e5df944541c5837c4672592e2

SHA256
04f0b5b5ebc54a27ac2732aa2140a7ab028220abad40ad2197066796bbaf0879

SHA512
bba8c5919e44bde9b4fd1989da586612f7b587e25a5781d65a7fcfc147f31aac754b89909c95d93af604a6a228c70d4444582f82e293365587c8d1e45c873f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4d4fecc4f79af09ee9058013a5d0933

SHA1
8c15752d73da3f130079028e435f2daf50f698e3

SHA256
d4bd83a9074665acc707d2572ccaa251aec3af919a325a4914fcf74315b7325d

SHA512
449b0c0203eb1b37f922db5af0a34582a69a500e09daa86cd0a794d717e63588153aabda336401f47690aa3b416c0b69fcaf9ffdc715d61d59357a79cf620e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2d7b8340fd29eeb437b0421ab0a88467

SHA1
23ccc53b3e4c0e97e0eb8963e4538ab55b90c827

SHA256
6c831215a09b6c2274616589849b0c067f59ef8c77487803be9ae2460e42d27c

SHA512
9f64db4622a9d1e2233fd0e1d2cc2c827cece7c79735acdd914abf8009be1550970beef98b8fbe8e3440ae4508dfbad3d3acf6df53ff4f5602bd8a107c37722f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5feff61c76839b5bebe1723919f4e1c5

SHA1
4839ee30f5459c622f3ada81d5f77d87cd2c08fc

SHA256
59600e98fa048729d633494ead58f450e4dcb931af369c8af4f0e7cbffc7e2ca

SHA512
13b035cdd9393579a7e595633ed9fbcccde0498db7c143c73e220b1bfa3138fd62ac1385361416cd9f61629a06bba689edbfb1b1d75dbbde238e190c1b6acc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28a972e24eef6f7e3924ba37204f9fd

SHA1
56df67c07d6d851756dd408ccb01857ccdfbe414

SHA256
26ba40d2122798635b637009c7d041f149eabdf1d0b075a87a5e65ea203f2821

SHA512
8d3f8e3297dccda92a5222f4007dea5adc04531703c47ab0e626231cdd71ef9dd7fe30566aa989a5e60da4e6427da7af100298d8d64cc848df1a981ee18a3f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0ce0d916dfb3e31f284636e809bb9cbc

SHA1
252164848809993c57009fbd29251c6124548d50

SHA256
e3224446177100c60fdea57d1afcace69aa5aaef79720b361f49662b09bf11ba

SHA512
b038b3be45c15660b05d43438e7600bf08f7a9d4945cd10377f2c9ba87d4704811b532b0894fc25c656ad1915356be8a7d2fb9a240c827068c129efd4c1d6bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
18KB

MD5
564c04c5670da8bec7eeb0be9f33b88f

SHA1
f835ec7f773db861fe636ee46b969bc86673669e

SHA256
58e05559de71ec7991e972799e00fb193e3ab1db349d73f437cf47127af70875

SHA512
d197aa1c0342d85e70998fbea9240a08d9d2df365b0f1be0858fb8df8d978d98ff9dde2a421f242f97e653b0ccedd9a45619f68ae50a9f3d96f9a6eeee7d2ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
7d7a0cfb8ec9eb548c63bfd8f743181c

SHA1
76cab36d1597e40654951dec1be50c289252caaa

SHA256
49ff798368f6e4367d03a44af687d47609ca4608d02b1a099281f88c910cf1aa

SHA512
f0ac58933ad72ebeddcfbf22bf6fd07c0846e2ca180918d0a1f5973185c86c093865d670c29987b4505da5a74f6655ee88ed00286c7ed299307d340660588aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
262d65b48ab73aa5a0aaa4d4479c7980

SHA1
0a1b10ba34cdbe5065fca67600f6c88ef4894d90

SHA256
584b5388800828089bde9d3f498f2594977308a9c4352e216840352d7ada5305

SHA512
856a6faa866db6d7601e55cdc36aa31041da6860294f01cfd4673037283decd65c2ff54a7524e5d8f8a80bf3346009e00132f176c70103c438003e51bbf7d5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
17KB

MD5
04edbf031e8d958e08efd7bc2b09364e

SHA1
f5637607886d059416b1dee254eca7499c47eb56

SHA256
dcfbc409ca1b05ad66f71d1f455bc8a448ed632e1a3a8fce0f66691aab27912c

SHA512
1642bc8798ae8852bf075c22af4484cf5838ecc72cf0c99fc6336f12726255bcb924c49d6aca7b0a92360d4d5a328bf168a1b8837f0baeca07b174c20e81fc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
35KB

MD5
ba14136a8495c2d383c644df01ca6d2a

SHA1
05290a1497ce52d03c6e1b0954ebb4164cf0b81d

SHA256
8faf2ad28504bad05fd02ca33dceb0a2569f5c5f89610af664d37bf887ae7f9d

SHA512
7d6322d0f7dc015ac5b8f2ebb317a2762ca06feca2bd46be8a491b23947da515a1bf8d2bdb7a7be197c490b17944fdf52a9bf6e2c5e1cc9c514fb8f30f7de51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
29KB

MD5
870fd6d040af0dd62e15b28a01d2df60

SHA1
8a69bcd4e55060f968bce0a0d1a58d18f32f039c

SHA256
dda83870d9be4c42c981a1c8db156a92b07b612b30d99d92c0ae5731ab9e1286

SHA512
9e8f13484e8a509b1ac3578fedafa27da63028eaf0e789192d432f870cca650e85379a3f8883c3cfdf35a2b52b538281ca1525879a3ef75e460cc36c4651d600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
28KB

MD5
c78238a422d1b0744e6b5ef074dfd45d

SHA1
2ed3755723cd9f301b18ed7c80615aad828f58b6

SHA256
18228e9e496c26941f60295f13c78361639db08b6bdc2e98664ac54f0e54b22c

SHA512
fe1798e974f08bd0f0b76dcba0f98e83b0b6a748b30cc76819ff04c15e0cad83521f75fb84b59e34d4462743bb32b88520f2754f5fbab7194b6695894720dffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
16KB

MD5
292790c5c789072f2a77ebf94808a4a1

SHA1
2adef93b03fed472aebac92a64cf78f8c3fce34a

SHA256
6f7964dcf126d187ddcbf54c1f40b4b908149cdfaa4175de710f738fa5be2ade

SHA512
7cb9a5719af08a805c4c244dcb0f991bc64b4aa166f12a6dc12676cf23c6f636d01cd8761b9dfe691a887ff090be54de33905ad7f7ed2f96a41ae2eb35fe613f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
17KB

MD5
d94e437a0824aa6535d96a9a005f1d21

SHA1
1fbd155bedd72356f09adcf80de59a1b7476c209

SHA256
1cb68505a3deef03d088e8b95b390e5f13a854110c36a65d180bf28c0fe4772e

SHA512
a593a3b436ce8e7ef266124aae02e775c1d9be78895664324fae425208a2ad82d5652a39f989c7909119b510e3f9d4ae1909469d7136bfe7e0d455e95e93f044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
9f8c32a0ace8e400a8ac0c6be9f323a5

SHA1
b09e48a1fe8de3dbb7599046d96ff3b4487fccc5

SHA256
85164f4666fd78c87becc4de769aee0cc53b548d62bf18c98190fbb4c8cd9c95

SHA512
55767adf1acb38c114b59e36fa84fb888a3b6298ea2a2281d28a00900d2e0ecdd68cf8de5f9300ca9060648164e4a9249f12e7c024a28c8070cb1a26af02840b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
18KB

MD5
f917599afce0f0be355ba47287dc031c

SHA1
fe92b15a20ed5e4396ecbec0934dce1c6c332aef

SHA256
29b9bbbd31489dad0d8a31a0c169205709a57ef05a6765d126b6fd3926ff89d1

SHA512
5469d68f879a8df726646437272cdd3877c2583f0f46e62f15ae6b792605b1594a9fdc6fda0097061d6330e4f42fda831ef2565822bbc9279aa7788a1d5f53d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
16KB

MD5
238bdab6b77b57087028d3d4b3bcecc9

SHA1
5cc4c5bd3fb10cd31056482b936c2199ac7549ab

SHA256
893717de65c3cc97ddf4b99ed1d6048a614fdd8402c2d7c91601402c1f8f932f

SHA512
90e50e5095f6c2ef380ab5189c8ae64a21a52fb7e486cff8d2eeb4a865a35461f5674581c75d37e5ef35ce3575eb41ff1e23031c848c622b2bfe3effdebf2573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a067416998be582a_0

Filesize
352B

MD5
f69304299462dfae601ce7d1aace9603

SHA1
100dd0e03597f60e33f0ea1fe57305173e036278

SHA256
63672bd851a27c2a2173d96c4be9e5bc1dbefb9ce85e1b27cc7e8b41546f4767

SHA512
8f1934efe9f5e2a44ba0e411320f7c312a9903bee373694ca01ee2f5fcad48b71b8cc6d06733e9ab4ae154a01cecbcda86434fcfd35898fd8d4db5b9d101885f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
33f31e2b987794bd19879bab4415cba7

SHA1
765ba7bcb8dceee3c504859830ca9e07375392b2

SHA256
e3ef66db4b4301852cefc30383d867d9ec7d8507044fbe633a2d825b1d4a7938

SHA512
ffcf47a614441fd5ea8fe907e6fe8c54ca3ac23b80621f1e107a85f8411c1492788d145791e0a80e46154b18a1f2c93754d149efd37195d2d3aa337d4243fd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
ccc1ea75c10085c27d0a1c605fe3d835

SHA1
b80fbff77e1486efcf820f718954fc6dece48de7

SHA256
5b1e7a7780828d52a1da5abf8e76eb144ca97222878ff21e1006c399815cd28a

SHA512
892c2b0076eaa6c65a8ed21e375aa193c4850903a93206c96f940505fe8132397b6d7d4a6f8a0a8425b1a41f9975f1a6270d7e42b82a2011c90cfb0fca251637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
eb8508efce54cfcb7a4093b86dfdfd4b

SHA1
001310f2e1db3e6613308252bbf4935f871e831f

SHA256
bcf04ac07c5c6f7e5d21d45eabe23152f0bd34a20b8585df397b99da84fc723b

SHA512
cb71f5d51eb88f24c7a4f63759a0340ad4fa4606736783c4cf47498f801bf3c818bd4179aaa6da68aa21b891be602bd971da6417e3be8c87d209d98738ccf79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
30d68c0e84743ea89595859b10a61939

SHA1
7c9f1048bf14cc8c2d7f8fee3d3c69a4bccb230e

SHA256
0f53cef8750dd8737261e6dd0c53d8d637fe23ec8220b966345bed0983c43f09

SHA512
bdb234c9c5e39438bbbb332e351cf6e285cfb66d516eb9d2c7fe4161d862f93db71e6e57d778a0d91d506c8fde629a5feb3affa32e0ae263994d20c3cd482c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
495B

MD5
65225fd6d35a96252abfa0cef5b4d44a

SHA1
c97c3c56c6af308b1f2074b6d93da5650af57013

SHA256
7bdfb0a4555f638325fe87a4056ebf187d0626d2482f520449536e3af98d394e

SHA512
d44239a002012905d5b2d2ae4d6a5350d27999afa9c83fd07e35974cf4c664fa1cfb9f2ac09564b651f4afeee3aa62c9c81ca0d822fa649b237c4c6205c4de6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
803555de640dc9fd5167c905d5d0ef4c

SHA1
a5419c244a6a9664af8c3e220b88c8f764afc85b

SHA256
fbc5efa7b09d83ce6f52166f39394a32b0ef8d98e02cd81da10b61f16814913a

SHA512
16a41358c17359ec0cb47d3e921b4f17712e6ff896c0f15c196be7fa0f1e41bdc74fd117e3207ddb5368c134f98050b3b0f0c1b51301be205a2f5740294fffb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0554aad8707b0519ad1f1a3f24b0d14

SHA1
dddf65418601b768034a8bf81e904f07bdeefae5

SHA256
be1c5ad885befd217cd087233c6c2e7709bfff8d43752f725c4ee95a2e32f600

SHA512
d1927cfa04a224b96e821921b4bd650aad81e03c3f9d3dddd07dc0b53316c28afd00ae61c0f90afbe819791231fa083365e4f988c41396f79765b72b41964461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
aab80edacdf4ca7f81598be36e120584

SHA1
107aeeaeff7e42ec4c72d319e9ded1a57b9584ce

SHA256
fc14a813bda0687dc56eb1f4f53db14a38cb3fca870c664ad98503a289d07067

SHA512
30c229d42a9010f42b0a1f2df2daf066d05585660506a74b75ce5b857880d184b19ea162bcd745f64273acbe3a8ce4b2900a6314f77714f596c41f67930c8ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
90d851edb1be46025a78cd35cd20c14a

SHA1
6034ccb47c105bc7d5d82412dfbce2a88a97e6fb

SHA256
90327b9b702f9e4ea4eca5f7d86b6bcdf1ce763f3f8d4109137c55214cedcaa9

SHA512
1cd2411d1d139f57464acf591cfbec08ec4b6a57662ac822cd288a3f61602c75abbe953a8e7a21185627ed3b0d6e3f5c984baf3c6ed230972ad6b57aa9bbaf8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a9722bebfe172708c5ea818195d696a

SHA1
401896c7dcf2e3cf8a95cc158e3285c1de3d76f3

SHA256
292b44fdc0d0e6fb68da74ee50de69c33865518402c4da599e5a3324ba91ae64

SHA512
812c94faa1c556d14e46404d2aacdbfc067758411b42893a19fecbc38a4d033c9e15c1a09e60e79a5a0665c8a3ee1f0e1a7589018ff1b00165947a5d2169d214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
50f4f5bfe3bd3ffb7761e38ecb5c4ca8

SHA1
2074ae138b0fadab31e05aa3959cc7db0c0a0270

SHA256
ba505bd2275f53e0c0d616c01b35a9ec4fd438dbdf7b62c4abd00d26b6e900e6

SHA512
47c4c37c00e838309427970fd8fc1f091dbf2a4a1187cfdedc9176b85bac4d6f4e94474e65aff4c515099bf22f10c55ec21e9b71438b8c0251a66108185486de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30266010520ec59052a53a32faf2e0af

SHA1
e9a6b52b66a55456c88a747c9845ce1b218e9a0e

SHA256
4bc13f1b16d605c910deeeea15eb80035f93cb0344efa08049c2bdfc5d404fe5

SHA512
8e375a354597b33bf5e49680a5298dec2b353ac657d655dfb35ca4f2e51d34d99b67ef668bf1f474f6382d31379736e6d238a057e2e43f48f0b466f4bc054b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d2b5bb73b593eea1179dde0fd6ef05e

SHA1
aa43bb2746ce4361b400b15ecb2e1f876f37b519

SHA256
d43a711af08ab742b1298479b0dadc3507015338774323eb455c272acbd44fca

SHA512
5897cc69b2a8d25c3c20e60dd5a5b8fbbee57e7abb79ce31ddd969537f3e0e1f5e855e08b16acff31ea89c0a5f7da66bd33011340398518a6de430df9afb2bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e263765aada761c47c3fe4395331e77e

SHA1
6d22d0fb2e4e25c719409508fd5e23f81cb403a3

SHA256
713f722b110d95793b84b27b70d3692b23f5f19bb78efeca7ab9e7623c90084c

SHA512
a4bf5782c96d751420f0732a813641c9b19935b5ffa0be6b8538f7a0ea23ea64cd69373202da1bebbc9037e03699bf92b598f565a3f404025bff9c0f3f2a1202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9eafe758f693bcbd37bb47bdd6689c74

SHA1
e2979840ccf0038d8de0ee04120928d795a1ad8e

SHA256
29efeb228fc4fd19f059a186c88d01881aae1627dc77f84a5e92dcdf8a5a73cb

SHA512
244c548b8d1f004157cc3240270fdfbc8442720130b1cd3811adec309b8621bd51191472f5fd725c55a9dc383986470b7900d4b189bcd0303185ed5f0ee4f727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
685bda5e49d622fb6b616e2e4efa8c9a

SHA1
d6a5e3da1979fdf77bd12bf4f9ab11bd44f1a594

SHA256
520c4a0bab05b66bc934f139c565ad142f820375452e2d2ff6751df298bcbef3

SHA512
07f8d52eb86cc9a835938eab3d617245ceac65c30c2ff5c14caa65ab6d7faebd27680c2deb4d2d4088e17e1539e7327bc4670a34c2edd2c046ef969d312e5b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376271596106479

Filesize
1KB

MD5
6a03fa9e2826e268347228bea2221ea1

SHA1
52e2915dc706ed0da9bf2428802a661cddc4af61

SHA256
b6ac2010db3813711d710a73ffd70b1cfdd98762b33770bf0c993b00aa4288a9

SHA512
33751ef6cf7d32a6369ca280e80f9b939580263778b522b82edd4063f8725e70ac5fc1f74267f474253f5bf456d56572fe7be9f14a76321bd1c5a1ba2e891085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d7639ebc395e414b484fc9839114e6a0

SHA1
c071b3ba8726d6d72f88986a1cbfcaae3ab08ec7

SHA256
0cdf07af654d531c22f03268bab62c3892e11d35f8202b1f3b559e7516dde2d4

SHA512
1229f52fc3351714a97cba598ef6bbcd622c1df550c97c9979abc62bcb40231ad7923d77e648ab60a6fb13c78248c8146187f86d8b4211d32968478b45c977b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
47f7d7383abcff3079b537ec90ad33bb

SHA1
f70e74af958c05c0ba635f10ae931c14c84ed690

SHA256
58cefea7f8202e841d82bea8a02bc31192ef87e39567bf820891fb08a6e10716

SHA512
27d6ccfb804ea954c623630d316fb3780db60cecc8372fdb1a577c4d1d6e62f1364b1cd07369a2a9018be230165ba945015a22aed10d309ff0822db5c50dfd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
6d192910b5c595444407ea471858d3e0

SHA1
5438b0aff26905e68767b264e45f3e63b9d1cd99

SHA256
1dea33e4a525f26479f1ab0eac28f58f3f90a05f01c9e8575cc87162c2bb1584

SHA512
6e0fbf75a2473afc5967917832fbe6599a5b2f40f0239c9822a3cc6c2911f07f3f45a0162bed87b1050416f6d7bff9b610ad5b8e74f2ca8755a55dc11b462611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
cf282fd7ac5988c13e4fdc492c5298b8

SHA1
fa8ba70d3f1cd0ca68ef61e6538500403b42a96c

SHA256
ea2be60811e6985c68a1bbb0c57bff35abb43fedf705a8f8a42605ab23f76c8e

SHA512
29d186bc552c69822e6276c675e6c76daf4b93becfb1643c1bfa826d3e377c3679071452e5063c1dbfb7ff718f34315541659955f71065c40e5f9531d0f8fa8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
8be6cebdbb9a6496a2d337a63b78eee7

SHA1
4453baa114f495f1c24844670b11036033cbb8ed

SHA256
fb9d46dd912999e9c3ce183a84657545b71dea406abbd9d4ff74c5f10588081e

SHA512
fe9df92c2ec0d5906cc3493efbeac392cf161e9efa41f63e42e144ef1dbd6eb81b6b3e175821aa9676bccacc90e05c43db5db670fecd475ae9c492385c639395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e198d500-b4d7-4bfc-9e39-e93919b93e4d.tmp

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c028930c86cfe56e882894d35830d794

SHA1
449733ec1d4ca3af955d7892c3ab974f243bc860

SHA256
aee3f849425f611ed36f2e3d1880bce356b892e8c6d21b51c43c3e6b47310cbb

SHA512
acc1f5038709628740eb8535484f2096cb3b67227b3f12946141f146a219962a70edc49e08ef668c56fe2f4a04482e136d9b63ba4df8fcf32cec075459b65d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7da89f9f2458d30eaf045e7a1075c03b

SHA1
4e11a336190db52f004f732ccbcc983438afd29e

SHA256
a6736bb1230541af21904bf2e214877082f0fdddaaaaa9acd200345a2d2337ec

SHA512
6452c2c690622c54dac8a2e6048b0324e4feef0f7b1e6f285fb9f68b465227602255b949a6649bcfd95ef4367b4a37ee3be833e06660b7a1f91a5783bef0a152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cfb9a5223f1192aa1de84c301f70284

SHA1
4b0f79777b5cdfa6bfc0afdbfcf3826082765f4c

SHA256
a846f14bc4e350519c8e702e09e25db794455a80b5196f7e2686e46fdf04b3a9

SHA512
7f7fd7ad38073ad1443ed05cc91c741fe5430f439e7afa7bdb79e6c8557a47eece675938c8a515877e5974b8b67392e567ad1fe7c50610698fb6a2182c7bd912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7ce5f16b70ef287ba1035db837d4e97

SHA1
7c74581812b4ece619d877e850ab5fac5a31e52e

SHA256
daf3a8712308add24492f5baf0e235fd5e5921b200d3c38dc3542549d4948e51

SHA512
2b6b8868498dd22d21b91e4e7d207317241c3cf64f1e1076a49ebb8657a7ceca1033505dcaa74ed9826479085289b9b79015f88cbbeae1717c06ca32336993c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
612ad02d00886f5cfc6580e6092262aa

SHA1
4018b728b0f29aa840183ce0242d7c41d64e70c0

SHA256
b552c8e908de9a05619ebcc884b1eafefb3d9c9c4f13d1df2304ddae810bfd74

SHA512
f353db6cd1363eee1cb16f1e3141745ab1b11fcef2f9dc05dfe9dd7bf26242f6b7ad2f383440eebf0fdff901afe59dd02261f0254330a20828e867c6fb1384d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
014a697817e37903a54390d4f570116e

SHA1
16198df6f0a413f3a483a0d581903522d8203626

SHA256
871ad70f2946975012235a4fd5bbc5391e0e5d3fbca6a3d866e4f3ff1dd41aac

SHA512
b6c6978ca06477fd4c432c19ec57fbe0537155cfda47c2177e71e4f7f41cd8e673652a595e3db784a63de7f37e300817370d0f64d3f236ebd6d16a20f5087d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES4E12.tmp

Filesize
1KB

MD5
8d8e2c919aac501adafd30f22df7be9c

SHA1
790a9677da18f8613edbb485cadada40396d42dd

SHA256
4354263ab99d7c800623613f288f0ce835a5af447bb4505961ed625ff5122609

SHA512
0d76315841d8fbd961a1193b18445fbe67683418d729354f73380becea95565d83fc0e24009cbf50b23db42d514d6bfc5a06509fc64a5fd1e46c0596773e157b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5149.tmp

Filesize
1KB

MD5
d74f48997b71302776d178b798b4b4c4

SHA1
db6e99592631b7a2e5489946db9f6aac6133710c

SHA256
c632a3933ecaac7ce9caaee5e7a4a8199b5985dda30fdf48adbfdf6a2853a7d2

SHA512
02a1a0cf9da1e703c7970d623c2c300d79e8f8543a6143f69a9db1ca72782964726c4deb6ef6407fd7ebaf4dcc21131423ca12f026a28ec7cf0891d985b3cc7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESFD9B.tmp

Filesize
1KB

MD5
a951dd4d0089a5478b84577822dfaa00

SHA1
af46e74318bddee7d1b8e6a52e30717285260d98

SHA256
2af896c9e244f4bd1baf50ecea467096cdcb121988e719dd232b292917f43e13

SHA512
232fc88cf8776867282b29e66d66780774f85dff4180f763e8f2a9225c8b84b7c196bcf947fdd6caaadf7a1c138b0a3e57ef439796a9da19ff295930d2c4af57

Download Submit
C:\Users\Admin\AppData\Local\Temp\ava24lot\ava24lot.exe

Filesize
4KB

MD5
37370f53db5d3fb1acc7b74be54c1120

SHA1
ea6526977b4140b8fb3ba49e5b54f7cbbb2a016a

SHA256
6bb640a8649b381d73c397dd5bcd313447ba176fdc350ac4eca70e9db9909e3f

SHA512
51a65649305a29f097bd96649e1fae12182986dc6a05e8365f2d433d756b6fbecbb9f4b1f54a9098917dbe405087e1ee4db58415c1150b383ba0aa396cfda54b

Download Submit
C:\Users\Admin\AppData\Local\Temp\bb4cl3ei\bb4cl3ei.exe

Filesize
4KB

MD5
7f37bf7b8da5e80fede11d9e0ae284c8

SHA1
9407437e22d1d661b54f800e7fc060758bc7e401

SHA256
fb6617e994e193627142de5e1be144aa01408df9a40663e36c0f21bf14781a45

SHA512
7a2bad05dc9196d809464d57b54bfacac664aa7907db5b6ef7db6242d50ef1402a493013f1d29bbf9d024420311333bee94a8923628a57ecc3c07399eeff36d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\f4d0lqqj\f4d0lqqj.exe

Filesize
4KB

MD5
1b36a593c3ad6aca214192d138f09343

SHA1
42df25a40176d3fb8e0291436d44c5e6190d5a3c

SHA256
e3284dedd9b55f2ec6e16008adccdade696ebc49c7d50e48bfc192b4a22c3a69

SHA512
8ace1361dbdfb9f4bf72bbee634bb8e28a16fb931bd45a5cc1d60497520a5be0ff9c41d71020e698dc64107f2c6fda381b82b36caef9fe748dcb6490898d3a9b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
700ef721a3b901d0858dece111eb2086

SHA1
9214be0dd1ef9284926e6363c0c1d1c723267fbf

SHA256
c36731dd9a6f087579c8674073de8d1054c2f4c3841fb09fbe432282f4325599

SHA512
1a5035bf5211a4d5f7ef44e8862ade94f167549bc3dd4f677ff1cd36854db8778fe13d5d9ca56ecef59a7b5b66a6157d469b51561d6b3175d27d3f13b80fdaf7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
21d341c7386548de9f877d3b116d0fd2

SHA1
2861742fdb73143c9819bdd3b4a6d22a40ff2d13

SHA256
86ab065659a37e545085f17585ca4f766a742361948e9a7ac4b9dbd25a25b1e4

SHA512
e216f73fb1e457c36f081f055ad535aa27f8b4fa03673ba74996a855cc950ae6b459542df0e41d372796d6a65eaafd2e4dec87e3d6c224e4ba57f1f2f1be6d1e

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ava24lot\CSCDAB91B592D8F4A2298D361388DB9A4D.TMP

Filesize
1KB

MD5
cd1b088255987026da5f08df009a940f

SHA1
020cce0c9710677d0e72e56083d2cc5167159028

SHA256
48fe878990e39c6cce05b2d71d4881f87201aaacc120a1d8a4b76de59cc3475e

SHA512
3c034769e368589961e5cc28d51e377b4b60e4d37bfa0f388d102017c6b25bd2350539ef16033f34a7acc87e708bef829ce08ef0cb9e6fde5f00e02d2672e5dc

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ava24lot\ava24lot.0.cs

Filesize
853B

MD5
da0f1196d77feb19e2c4500bf41f86da

SHA1
2b6633a55c8b2491cec38b0a088ceb7d330c52d2

SHA256
da3ab4bf5462004ad63ed879549ae1ea879a23a044f0a822a5809318e81db166

SHA512
597caf01db93c069f2a9d21a259bc180a4ef5cf01cc806d49ebecceb017aae8c5343bdd624b5b53ace69c93d16b4eaa2f2089e7cc26bdbe665b63073e6527978

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ava24lot\ava24lot.cmdline

Filesize
334B

MD5
fd21016893503517a4bc8489971d028b

SHA1
a854f08e23e4c68a51d18044848477d10da9c1c1

SHA256
5f9029ec3bebbd9a007549f15f7f7e0c8c81ca45ffee5e0bfcec43fb924ac79f

SHA512
ccf8b11726fc337ec554c13b0731f894d323dbc16424e955908b9e5e6b54985ff3e2abacc35bf28a3a0dee9f4ea440b952ac117b900433c27bf98930e1115656

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bb4cl3ei\CSCFE823CCADAF42DAB97486C51B34119.TMP

Filesize
1KB

MD5
973fdda0321b82ccac44509f4fcbb87a

SHA1
518dc7ac3ad1491c06c771f251676e46f0a93ba9

SHA256
4c78b4a27a0d17a85e7f0a5d98fe89ea2ca1fe07153b9cab5311fad84c4ebcb5

SHA512
4dc50ae3b4cef222afea332d8b1748f371477749a9717369792f769f20db93b6936c0bdc4ff461676295e1d9e7ac7d334b10bb64d7ba818b90f5e23bdeb1cfdd

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bb4cl3ei\bb4cl3ei.0.cs

Filesize
858B

MD5
46faa35db591ecebd0f3c136074251b3

SHA1
692101bb9a623740dc6effdcf7439f298cd95613

SHA256
cc5e427629065d8b3fca591fb81f9a2ecc2ce65407786770db472a817db564d2

SHA512
c8230116a4ed908f02005d302a16168cc2790edc54cd4a87580ddc90ab7d971eeb0b040dd59879c8ec8d3d8b2f0a21b2e518daebbc823196ff9e373e7c4d5b48

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\bb4cl3ei\bb4cl3ei.cmdline

Filesize
334B

MD5
492f91a073a69d33fd30bd18aa2fc747

SHA1
4b952a8b26a30eace1225a45f123c00784dc99d1

SHA256
65c3504e11e4e9652df64b1bd8ecaa9a8c196b244b827a1a953f07a04d03a275

SHA512
d70ff4b4160748ec9ce3022aabea48d9a7e069f03808147066be3a248d1b6aac44e570710d7bc2a434d5653b32f9186393d2f01b0c81ca4eb2d7c22eb2b04419

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\f4d0lqqj\CSCDBC43F83A24540899065537D2A587AD.TMP

Filesize
1KB

MD5
c1448b87fc2d2ded314414b9b301401e

SHA1
c650fb2fed1528f20b11b00a89b7bf2ead9766da

SHA256
ebc5f53d4820e73777f16e1fea93d5a4331abbaac3c4e6a156622b7b10f58626

SHA512
54f9142cd17b1de0d93ead2b027475351c78ddc92bdcca4c0c0516fd7a0b63af7c420e2eb1aadede77c4d757e74fc98e892ffc041d6b615075ff928bb6b27fcf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\f4d0lqqj\f4d0lqqj.0.cs

Filesize
673B

MD5
df169a161ccb64bb8a2f1ea4dc35398a

SHA1
bbe2312203c33dc3659073034916e9e1938c7fbc

SHA256
c18f774e7dc620e4dde3bdc0f9995f48b0acb9c14effcf221b0b445211884496

SHA512
676a028f12a74a27159252857d14972f995835650b2fee1ddff763d7d695d9d7c8e2173a66029a2151fdd16ea0463c54acb2a84fcf2c374d53d8fd09f041069d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\f4d0lqqj\f4d0lqqj.cmdline

Filesize
334B

MD5
de5def57f55a48b7f92dac6d709882e3

SHA1
5bcd746eb34de739c1d73fbbfea6cd6675c36894

SHA256
3835502dafc0a2d5abab7d23745b720592efbdcbd0d7c17ae94b76fbecabe8c0

SHA512
df0b4b2106acd5d9d3910f0b5635e288b2ccff7c4730dfc33e020794fc320b8f3351b2eff8f280bbcbd23ef58635040f390d33471497fa6414a6e2234c1f64d1

Download Submit
\??\pipe\LOCAL\crashpad_1900_NRTZMXFLELEDPSKT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3980-1169-0x0000000005550000-0x0000000005558000-memory.dmp

Filesize
32KB

Download
memory/3980-1199-0x0000000006630000-0x0000000006638000-memory.dmp

Filesize
32KB

Download
memory/3980-1053-0x00000000096F0000-0x000000000978C000-memory.dmp

Filesize
624KB

Download
memory/3980-1054-0x0000000007340000-0x0000000007348000-memory.dmp

Filesize
32KB

Download
memory/3980-1055-0x00000000073F0000-0x00000000073F8000-memory.dmp

Filesize
32KB

Download
memory/3980-1056-0x0000000007780000-0x0000000007788000-memory.dmp

Filesize
32KB

Download
memory/3980-1058-0x0000000007AB0000-0x0000000007ABA000-memory.dmp

Filesize
40KB

Download
memory/3980-1057-0x00000000078F0000-0x0000000007930000-memory.dmp

Filesize
256KB

Download
memory/3980-0-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

Filesize
4KB

Download
memory/3980-957-0x0000000007850000-0x00000000078B2000-memory.dmp

Filesize
392KB

Download
memory/3980-14-0x0000000006E90000-0x0000000006F22000-memory.dmp

Filesize
584KB

Download
memory/3980-41-0x0000000005E00000-0x0000000005E08000-memory.dmp

Filesize
32KB

Download
memory/3980-1171-0x0000000009640000-0x00000000096D2000-memory.dmp

Filesize
584KB

Download
memory/3980-1179-0x0000000007AC0000-0x0000000007AC8000-memory.dmp

Filesize
32KB

Download
memory/3980-1188-0x0000000007CF0000-0x0000000007CF8000-memory.dmp

Filesize
32KB

Download
memory/3980-27-0x0000000004DF0000-0x0000000004DF8000-memory.dmp

Filesize
32KB

Download
memory/3980-1201-0x000000000A440000-0x000000000A4D2000-memory.dmp

Filesize
584KB

Download
memory/3980-1202-0x0000000007D70000-0x0000000007DD4000-memory.dmp

Filesize
400KB

Download
memory/3980-13-0x0000000006BC0000-0x0000000006C52000-memory.dmp

Filesize
584KB

Download
memory/3980-12-0x0000000006890000-0x00000000068AE000-memory.dmp

Filesize
120KB

Download
memory/3980-11-0x0000000006760000-0x00000000067C8000-memory.dmp

Filesize
416KB

Download
memory/3980-10-0x00000000067E0000-0x0000000006856000-memory.dmp

Filesize
472KB

Download
memory/3980-958-0x0000000006F70000-0x0000000006F7A000-memory.dmp

Filesize
40KB

Download
memory/3980-9-0x00000000053A0000-0x0000000005406000-memory.dmp

Filesize
408KB

Download
memory/3980-8-0x0000000005EB0000-0x0000000006456000-memory.dmp

Filesize
5.6MB

Download
memory/3980-7-0x0000000005860000-0x00000000058FC000-memory.dmp

Filesize
624KB

Download
memory/3980-4-0x0000000074C90000-0x0000000075441000-memory.dmp

Filesize
7.7MB

Download
memory/3980-3-0x0000000074C9E000-0x0000000074C9F000-memory.dmp

Filesize
4KB

Download
memory/3980-368-0x0000000006730000-0x0000000006738000-memory.dmp

Filesize
32KB

Download
memory/3980-2-0x0000000074C90000-0x0000000075441000-memory.dmp

Filesize
7.7MB

Download
memory/3980-1-0x0000000000470000-0x0000000000482000-memory.dmp

Filesize
72KB

Download