lumma | hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbXgzUGZwQjdSZVNQRVNadHVOMXo2MW1Kb1d4UXxBQ3Jtc0trTzdjb0tSTktteWowcHN1TVZkdDAxY3czRENxa2lJNHgwTXlFVnZmTi1tRklncnZ3TG14cVJzYXRBRnBlWWhoZkRJcXNqaWNyN2xLWkpvRmNLT09oNlM1SF9fb3NmdGJfc2NQallXdlA0UjhCNGcxVQ&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fb0grvem9rqtd3%2FWave

Analysis

max time kernel
264s
max time network
265s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2024, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbXgzUGZwQjdSZVNQRVNadHVOMXo2MW1Kb1d4UXxBQ3Jtc0trTzdjb0tSTktteWowcHN1TVZkdDAxY3czRENxa2lJNHgwTXlFVnZmTi1tRklncnZ3TG14cVJzYXRBRnBlWWhoZkRJcXNqaWNyN2xLWkpvRmNLT09oNlM1SF9fb3NmdGJfc2NQallXdlA0UjhCNGcxVQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fb0grvem9rqtd3%2FWave

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

https://begguinnerz.biz/api

Extracted

Family

lumma

https://begguinnerz.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	BoostrapperX64.exe

Executes dropped EXE 2 IoCs

pid	Process
4792	BoostrapperX64.exe
5224	Blades.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
5496	tasklist.exe
4068	tasklist.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ReferralsBedroom	BoostrapperX64.exe
File opened for modification	C:\Windows\ServicesOpposed	BoostrapperX64.exe
File opened for modification	C:\Windows\ConnectSentences	BoostrapperX64.exe
File opened for modification	C:\Windows\ChemistryRealized	BoostrapperX64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Blades.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BoostrapperX64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 53 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000ab5278529918db01622c8e854b5adb01622c8e854b5adb0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000017f175529918db018c7b70339e18db01263ecf874b5adb0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4520	msedge.exe
4520	msedge.exe
4832	identity_helper.exe
4832	identity_helper.exe
1816	msedge.exe
1816	msedge.exe
5948	msedge.exe
5948	msedge.exe
5448	msedge.exe
5448	msedge.exe
5448	msedge.exe
5448	msedge.exe
5224	Blades.com
5224	Blades.com
5224	Blades.com
5224	Blades.com
5224	Blades.com
5224	Blades.com
5476	7zFM.exe
5476	7zFM.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5476	7zFM.exe
5948	msedge.exe
3596	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeRestorePrivilege	5476	7zFM.exe
Token: 35	5476	7zFM.exe
Token: SeSecurityPrivilege	5476	7zFM.exe
Token: SeSecurityPrivilege	5476	7zFM.exe
Token: SeSecurityPrivilege	5476	7zFM.exe
Token: SeDebugPrivilege	5496	tasklist.exe
Token: SeDebugPrivilege	4068	tasklist.exe
Token: SeDebugPrivilege	3596	taskmgr.exe
Token: SeSystemProfilePrivilege	3596	taskmgr.exe
Token: SeCreateGlobalPrivilege	3596	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
5476	7zFM.exe
5476	7zFM.exe
5476	7zFM.exe
5476	7zFM.exe
5476	7zFM.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
5476	7zFM.exe
5224	Blades.com
5224	Blades.com
5224	Blades.com
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
5224	Blades.com
5224	Blades.com
5224	Blades.com
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe
3596	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 2420	4520	msedge.exe	83
PID 4520 wrote to memory of 2420	4520	msedge.exe	83
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4784	4520	msedge.exe	84
PID 4520 wrote to memory of 4152	4520	msedge.exe	85
PID 4520 wrote to memory of 4152	4520	msedge.exe	85
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86
PID 4520 wrote to memory of 4840	4520	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbXgzUGZwQjdSZVNQRVNadHVOMXo2MW1Kb1d4UXxBQ3Jtc0trTzdjb0tSTktteWowcHN1TVZkdDAxY3czRENxa2lJNHgwTXlFVnZmTi1tRklncnZ3TG14cVJzYXRBRnBlWWhoZkRJcXNqaWNyN2xLWkpvRmNLT09oNlM1SF9fb3NmdGJfc2NQallXdlA0UjhCNGcxVQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fb0grvem9rqtd3%2FWave
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb386746f8,0x7ffb38674708,0x7ffb38674718
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9980580249684769873,2746781397280135722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:1120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5188

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Reslesl[13c].zip"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5476
- C:\Users\Admin\AppData\Local\Temp\7zO46529D9A\BoostrapperX64.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO46529D9A\BoostrapperX64.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  PID:4792
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c move Collection Collection.cmd & Collection.cmd
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4352
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:5496
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /I "opssvc wrsa"
      4⤵
      System Location Discovery: System Language Discovery
      PID:3912
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      PID:4068
  - - C:\Windows\SysWOW64\findstr.exe
      findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2620
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c md 577677
      4⤵
      System Location Discovery: System Language Discovery
      PID:4016
  - - C:\Windows\SysWOW64\extrac32.exe
      extrac32 /Y /E Playstation
      4⤵
      System Location Discovery: System Language Discovery
      PID:1856
  - - C:\Windows\SysWOW64\findstr.exe
      findstr /V "SAVANNAH" Insights
      4⤵
      System Location Discovery: System Language Discovery
      PID:5580
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b 577677\Blades.com + Diseases + Bag + Shades + Faculty + Polyphonic + Career + Investigate + Reminder + Votes + Fiscal 577677\Blades.com
      4⤵
      System Location Discovery: System Language Discovery
      PID:3540
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c copy /b ..\Thorough + ..\Patients + ..\Vessels + ..\Neighbor + ..\Tion + ..\Exam i
      4⤵
      System Location Discovery: System Language Discovery
      PID:4624
  - - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\577677\Blades.com
      Blades.com i
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5224
  - - C:\Windows\SysWOW64\choice.exe
      choice /d y /t 5
      4⤵
      System Location Discovery: System Language Discovery
      PID:5420

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
22KB

MD5
c8d9354450ffc5790de88c331c9babcf

SHA1
08576dacce4d1bf99bb510cf49f3eb40582f7f79

SHA256
9b56b887eb5edbb6e380ff79484f6fdce01cc6a421eb24498590e940a979f7a5

SHA512
4bcc4597c927b51e7729b24388647e25fd1c457d16e3cfb1875306f345a9ea4cf2dec6657119dc2846a60d6d73a3ff3d4ac14557d3f1e926d3672776f2d7d2f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6436f7cc326d0e6fbfd45395854ba798

SHA1
059087a14c579cf88624074921ab8f500d164bc5

SHA256
404344d8e50862d5a0818aaca43b02ed8ebb80dbdd530a4f66a5093008187bc4

SHA512
b9cda5f744ef460f11f7b1065e44a7b3a685259f2d6621527fa1337b0b2fb615aaa6337052ce7489759b7ec97380e81d12dce90f9bb138b589229097e6803870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e65126878a3f6b35be95cd6dd10b1426

SHA1
09df91f39158ed9064a9b7d7c7bf4bd4a614a9fd

SHA256
7e89f821d7dfab1755d56f32bce3093cfd4c9a84d58854ea418d10dae6417dbd

SHA512
7308bb74c3c27df9653065323d220533b1b7826c551e842bcdb86679e1a3a122f2453b12b13112ed397bfbdd4868161a29d51b0d27ccbb1dba31d336d4c73f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
279df7e4a21e6ee92bd3898dca986c20

SHA1
e45a17fd19c4aa061c26641d27cc6f5077952b23

SHA256
9c2088cf3e0187bd2ae52a6b02e3c438fa02ed3ce3b1b2e82e92eb8361946094

SHA512
3cb41c8cb88865833470f7ff8e0e4f4a079b875cdae1bf0b01752e2b33df1d2adcfb3100ba4d794332ad6e064b96afb50e907941d3a6efcace2e9c48b27e6c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
57eb370765fbd1eb22b39677f1de04ac

SHA1
d1611301010da0a6b142b268255ab5e1b8e950a1

SHA256
bde56818e9155c95209b4dc4577f4d16447d46eaaba228d1e9414f137e542ca1

SHA512
24d0ffedc6c3656f4cf4ff1a73e67d8e1e82c268a6d7febc59686b72f9245c2005465feb7b0ed5085096c3dcda62c3c13887a9cb39b08e7e775d848fd07a6a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9e6fc1ed671abc0e4e06b56427da202a

SHA1
a76940bf2419d52c2fcdea85c606ba6300382f49

SHA256
61e0d15d558dd9d914bc982f56a4e86ad85631195b7914b112d7313cf3517c88

SHA512
3ccd7144c7d557564c8e32bc194d7b20c0722dc51d8d1a14dd25a14df9af0e96085f54792b2523c585d64f74697b5ad4e66252b584efa147f548697f1dbb478f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2e464f0baa5f7f8131a329e2a4f77248

SHA1
97a65d28efa161aaabfb88b5cafe793ba2462aef

SHA256
06885b515f330b95836cd19d130ef3fe8042c9bfab52ca248418468c60e1586a

SHA512
854f783e6b09002364636160e6f65bf561c46a2ee8f341386d4d6dd55ae7cc5a72cf22c92ef2e53a0ad28808a5b2d5c74884c6a568c27255b41e685b8fe5d808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
47a44da7c1c3bef523958dfa1b59d3f3

SHA1
ed33382b48e4e994af90f6954e972b67aaf8d8cb

SHA256
0a4dffd31fe948b5bdfb4e4b0e0116bd27bc4000e2b59fd58893c5b3dc005e45

SHA512
b9900378aaa6fee6873316ac1759ffc5f0351cab9b9fd676f43d2e6376c61b3dc5ec179d5c9dc6f4bdaaa1b29ed6e1b6103b0ffe2a8d9c0f2e326a5be860cb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e3118390ab3a483131ef421b92703c9b

SHA1
ee4e694ced13eb1da10552e9800dcb8f3aeaf722

SHA256
367ee662723da2241d3b06d4d032ac02716c9a88df4469a89d9db9a2e7a30f66

SHA512
181586c3b890ea12e4a6b08db73897e47dff4ef0c3507cf2f7d6b3ee0a55cbd415ddbc9d823bcccabed823946eb8c51683e0572515b22acb74eb50180144129f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
5853759cb973f9d59048562ff6fe00bd

SHA1
7c7ae629ab78a57ca1cc872cb8b0d6c71c881196

SHA256
3bddbd7de5eaa8e53fa89360921494c48e42dbbe1de803ccc0125d4b6b18fc05

SHA512
828754e16bd16b80515767a93806eb61ddcb51d6b1207b54b2a6f86c04f64700aea4f89c9af9e57bd936dd45dede104fdaff612d7cc1210c64627cf198c91f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
349ca00b18b6d34bfe7b5b3aee15521f

SHA1
16f59299b1129252da32623c51614202825c9266

SHA256
6b487eaac62c3327c97e288ca5c3284312347f28f22f21f84e3cf1747a3606b9

SHA512
a9b777159cd51424fcf1c81733a75294fd61f1abdf99c4d78782dcffb86bf7f6498175c4ab50f3f449ecd1be13405595d4cbf22a4654275213b9fa1e62cd5eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
02f20456a00727f297abbd05686074cb

SHA1
76c20608d3ca82f963bbe0f4f9da8699d5343ac1

SHA256
9cb1c6947c275320f53b17053dd5c30ab914a0898d697387a9f8480211aa48c7

SHA512
9c1949f18c1f7b8a30a840fc51ea3fc00ad62d74cc37516bf2b890658da787114f76fc3025f7b0752605f6c8d0fb004fc1cc271f87cba04b215086113eabffa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aa876644b2967371c155f3f7c4c3bea0

SHA1
d237c64f69b36c9eda3fab484f1cd232dc8a0421

SHA256
e8edd0e88df95f31e1452bc44806148e25bed3c92f474c63ea90085b4cdde352

SHA512
834933b331a9cb29f250b1344a087841f471b5eb49f1254e67935f386e09a48b06b2c6c442af787008dab5024528ff693d0bcaada729e279b2157d24a48e9fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aef47fbd2261303fe5bfc8411e29618c

SHA1
7c05b686b9bd61c634dbf3609630f1b7d0d00abd

SHA256
199952115714fad619b1240ebd6fc990d72d0f3965e517646404be549d3ee94e

SHA512
f5dbe91f50201dc5703a012f4cb0e86161dabbcf2e9c16127e69be11fcde73e8d7f98601552c72038f599178bd1fa8c02d074fabbbb4bfabf3e140c313ef2b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
eb025dd8fe5ed7145b9c19bbc734cdb4

SHA1
11b71f7a5bb561e0e355711b9a06e4a0218e225f

SHA256
173965f33526331304b9f902b94b35bb0c82738412b01c33258934ca409202a0

SHA512
e36b31ecff199581ed8594f220806290522e248af0cf1fcb8b436110ce24bd3b17cecee9d8e8fe8a80ccc70f14ea310ecffb402a26791f5965c9ad99e3c72c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b97ef38d5808134dd23a28466413edc

SHA1
077e0e867117eadab7a2f5f8dceabad385ec3a77

SHA256
d4ca4ee3349b3968a975da7508bfb1ab6da505e1a8428d47605f127915cc3e53

SHA512
15ef39d8973b392b063528b456a584566a776e581a480470a2360568ff66c71833aef613539da32356274b8de20dc2e8611cb48dc59bd51114be8718ca52f359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a870014fed8d55d4532666b5c0031b19

SHA1
77fd772b5af78f91bc64cd8b317d2d56c337a746

SHA256
18d6598d9bf6c1a38a90812705fe7eb38fd2d9b66b8b27f799b713cd1f088edf

SHA512
cc8fb9ac49497e89ae47061b86645bf14b0adb0ae0016539d428dacff6f70a8e58f8437ca3ef1330cf8ecd6024d96179f9e4e94310eceda138e791b826a6443f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
6c4725b5d44b05eb7597ee21ac176d1d

SHA1
884e169af9bd336387c07615bcddd27480359cda

SHA256
cbcfb3e27ddb56f27af963a01473000710007923510bb8b36c358aa959f0a902

SHA512
8e65875afb7d419dc9aeefc883066fac2fcfc63c7b47423dc4565e4241005afab6116d6f657c78e4520fab40b5f3ea9532dfe26db20dd05c93c4eeaeb881b0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07a25357c8ab7236b5b71e75dd264184

SHA1
ee01d64e2ac1ad78b2250ec324944d889ded0820

SHA256
d2ea8d05f854b4cc58fb4b90f18e96126c0c6da664d12af56d686460489b5e88

SHA512
a1cffb398d3b26c1e3446c4986f2660e2c2e9715de221c81432bf62b37daf3d45d4ab615517021b98e4b345b27facd1870158f23621fe4edb724a6f3088099e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b17cbb32fb25d4e75e582caece95c7d5

SHA1
1eb83cd7cb755771713cc46416872499730f9cdb

SHA256
041616b43165d774d95a1cc3e203fc335ec3bc382fea6e55820f5608b9f4b225

SHA512
ed1ca412250bec806451d7d309e8dcb6cc5ea963b2efeb5c276907182f09cebc185b703f7c3f4d3753ee82b1b57620d3af19cf37ee4e5108952926bb66ce2290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4638e871aa2b43be8ebcdeeb67b631ca

SHA1
7f13101dc829f2b373b0d7c71edcb930be157dd2

SHA256
6c6759f2998da72e103d690ca1d9fe933c4c03026201d99c0fae1df84cbf2bea

SHA512
4ee0d87d5d1c5951679f61fc89bacf2600607ca1f41955c33074752aa1a6032e4966969ef5b3321b9630ab37c4aff9231daaa2922535640dbf602c38676eae43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
38cdb995085a0cca53b445fb31c82657

SHA1
c2012a0ffe97ceebc6cc037dad5dd2bdd0dbadaa

SHA256
014631c6cc339d02a8ec5b6daa174585806088728420b95aa3e0d11577fdb88c

SHA512
bdaf41f3257639a3ed901b390382e1d70ab9c5df906990ae64cc500791bd437b666b6eab67b843ec88018552b1bd324cfeb67c0f6842aa14d3b78251b2a7caa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
423beaff6891343a1bfd1640cadee11b

SHA1
eeae337c251e42ac383306f9689dd87be5e3604f

SHA256
88dce248ffafdf9329a5d39e1094eb08c9917b507ebb094be5eb02c8a46597a2

SHA512
f7641fc260a1d73417beaabe69c59c2cec07758ddb1a28d2cac710e21c57e9ff33a59c3ba2fc442535e1788a8dbd37dd2c9f4cd46a2900f58ac2838758fcd5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
750af3a0effa63bf964548ae368743b6

SHA1
a3c457c14151dce3e29c377bf8196d72a9d129ba

SHA256
cb5f84e26d167fcb96c42bdcfa52085df497cbe3decae371459f91d59814bc0a

SHA512
657331f648f8e2d13e5613436126fc63d4a3b235daa4f8fbedb430239b3563035f6f6655fa200c237b813bd742094ec79d7b446febd0c98c1ca8556a2ec611a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1aa1a424ad5d7e3325a20f1b020152d3

SHA1
5724a975cae9b43480e713cb75fb9fbd8103ef2d

SHA256
02c89a7353409a2587266adaeeeed4f79ab339e16d7515e0230c81dfaf7d8fc7

SHA512
5a90e157ceda47f949390deca62ae5949c09c5d3fedec9a575fa4d74d44440a0c7d7a439c170ae128fac414231968a52fc3016219cf4c30673b09cfef977c7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d6b9.TMP

Filesize
1KB

MD5
e60424447d4a6048d41be2d15e5dc111

SHA1
ff59e07643e13c99540501c088d9d9d10e62ca10

SHA256
a225271f995ecd7c77550cc3774201c6cd5e327b59e58b2025a35334a6ece7fe

SHA512
c3f5f3c5545fc435974d8fe19eb1cb680b11f47ee9bc10355c7d9235b9d2cf0560a000f5fe9bff067a96e0d4e6a2a2fd5f48fe8f8263ea138862e85b17a4262a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b5ac4a29de70d7c365a9aa1ad003618

SHA1
1b292c3424303b71889031471c2dd2ac59ef4228

SHA256
91342b1940d7585ac4ab6ce3064171c3251617b4332166476fcbc166f1f61111

SHA512
b2c5a669ecd0abb0d4a8b8a81fef749e9487aaf61513cd2160a364d45e2b581396093ab8d2cc6824af4632dcf40efe57c2b34ae939a1f6c994b3ac8bf92f4e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
826b122ae7107e743e5544067fda579f

SHA1
87f7ad9d2706a99248e5f5d5f723ea674504694f

SHA256
76c44e06b5a8b1c80c31caa3e64f9c9ade946dd595aae67a83d6ecffa03b9046

SHA512
3b0411336d3aca9332e8648e0471c0655428bc753fdf15cd381c5d8a8f59739353a6ef0880115dc4a87a4739ea3a7cde95b976cf15aeda784e8b663f29aee261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a1942c26133ebd281bfe38cbeda50d2

SHA1
fc37d30baefb6bfd8dacf9e172cd28bce1d2d787

SHA256
139d9b1b14dbc0ea7927f63584c0f1f65f568e7b3adcb652ef90a8b560cc1619

SHA512
08aac38ffaac6ed04593f96376cacee0ea21fba25d54a8ea82a38a3499497fba060ef36c38ab7ff57ab3ca1e6b69a7f94d9e0873c9566a5281a5756c90283d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
64a03851c23099f83ad389414f86f24c

SHA1
2eba8e258f9ce188a4de8c21c588e7dc17be7e77

SHA256
51222f144338a6dd9749dcea06182d43f052d6f4e7103b77fb0ade6c5cf29b8c

SHA512
b42a6bce8c5cabcbd6957642cc19ee64b144b3d7bbd4d5d703f98ab658218135fa4757b727da0c774307fb5aa97f7d8df772658df1848c29e612c6f694d20685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\577677\Blades.com

Filesize
537B

MD5
879a8b485dcf860315b274c729d86e87

SHA1
e1a410d311d49e25c77e10fa4c02e540ac109054

SHA256
038c24e8f949b0e3d800f7a69ec00bd072da12f87c47ee881fad97fb6a449053

SHA512
a10ed7106fed5e30505b0185b4e140f77fadf205f5fb593fc5cbd40ff1385abe4cf668465808e2cf13bbfd8dc2b37800a3c4ad5c721936a80e75d2655dd26795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\577677\Blades.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\577677\i

Filesize
469KB

MD5
3a6874302851a697ceb8f42f308f0412

SHA1
86acd728e680f19a0b075586e15fcfe27d71112f

SHA256
f331e0de1e8d0427fc0104fc6454ece131876cb5c8a4b607e0d1f6d7f4e15151

SHA512
17f89b48008df35a74cf5ee022cdb931b0f718eab879daf4fb682c4a426fc1f448cbdb993cc2b3b7e96640f1d15c1289062de57fd211bf7b23d1424924f65d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bag

Filesize
104KB

MD5
5177efec105e33ae0aa304a5362d9631

SHA1
50f431f5bb750d1d27352dfa8b7ea3cd0749afe0

SHA256
6b16c166c6d1f472f61103e8a3b1eb369298234afbd0f22e90699d0be961975f

SHA512
d61dcdc03639969bf2f3d25e45030a82ad49c85d5809923d2fed82e26155cf1bcd9b82109aebef1b368e9971091dc13c8321aaed6162c9b88ddf769ab1aad268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Career

Filesize
119KB

MD5
f8cef50a46ba8a279d60f3238bff2788

SHA1
806b7988da1b0f33741358440b32ea4ae365a98a

SHA256
1931be17185ee066488a44a371005468a1edb433b1f09a855090f22e8e70776e

SHA512
50d7efcf7a76b16a841d57509f321ef28f74c46709057b38ff30b5615f38f8553dc95a980028efb313711f367e8d793abffab063763dae061e9bcb2c240fdc86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Collection

Filesize
30KB

MD5
6479b7f536c9335d07ad988a176e8959

SHA1
c85f68ca91303a8f3319061afd95e13523fe9e56

SHA256
1fb1758a1710f68ea3cf0db68b74c501d0f10b17b04c2fef397e2f9b1008268d

SHA512
42519358e6922559c77f68469092df2c14b96464b9ea96c546952c54675a0766adcd1d4c775abe463c8be8d8f22d171f26836534ffdda4ca179250c502091268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Diseases

Filesize
78KB

MD5
9c0971ecb2919428ad914ad26dcb1d4b

SHA1
d66d19b6647525271209a83e1c7686adfa33809c

SHA256
ec69a34af00e6ed8daf59ade4fa96196719a57ef144e7eb5ab44be63c9a69d58

SHA512
e5b0ae6588aa30ebca1ef005848e4be0caaeb19f3bd68e0b6d83241f92371a5bd609e86fb38101f270e1e7b5af566fd2744f0de85c684404b73a51ddbe29885f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Exam

Filesize
74KB

MD5
f82bd4bd732255b4d778963667167cb3

SHA1
bb3582827ae09077d484761bb6bb9dd6990c7e71

SHA256
998178a73bdc33dc8160806b630c6f7059f0a6ccda3bf28e7e342da19e65e9c3

SHA512
0d3e7798c864c006178600c870980f6715c639fc1bde0311fd7eee6870ac395efc928b809872894fe1889d8b472ce478cbcfc671549f0752d0623eab3be26fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Faculty

Filesize
142KB

MD5
99eb5fa12753d8bf7d3cf9f4c7373436

SHA1
155b6f947d639bddcb0af998c3086b1ac6b63557

SHA256
aa81dd58a1c6536a4ab0f4c5c2db2b7afde6918713a127c6aac1a507b9a8ddf4

SHA512
4bafee28536dad7602e9dbfca01434416f2fd31ce6a403fa57344d452f64bec5807c3bb5f9624f3f0728e18f60b3f3590a75c95a7b9ed0f7a41b1e342bedd90e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Fiscal

Filesize
43KB

MD5
0d15e3bfbe78f9be763a994d8177d6d6

SHA1
dfb9a31356c85942f7a611d820560f8b84b7ec0f

SHA256
a3768a1c4953ed6567e0431e6bbb6dc039bec6d3ddadc1cb09628529f782f7b6

SHA512
e8cedd1046dbaa6e8e76fb8247eb384d92fcdfad5393ee7c00de8eb2107a8f9075efce2a6182a0b733956c3f45bf1814e988dc74747fdbf28bdd4816ea2afb9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Insights

Filesize
545B

MD5
413a60fb2d82b4ce8109c6e508f5dd1e

SHA1
dd7d9e395a7935c2bf8f681c7b3e40ac9547f18a

SHA256
a9acbe04968d3aa344d806bc131edeed835c35690cf8d5b4ab8bf1e7fa766e5d

SHA512
206fb83674ed6f6669027899d462b015323f14016aea8b23dc4daca30466f725ddd8befe4693268f31ab82ff7b8857c6258795276c55d4c3968670602fc4ca1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Investigate

Filesize
129KB

MD5
ec880d0a7ee22c8e46fbf85af44cfd6d

SHA1
e9c430b472eee9f617dd27a97db30f0e52a49eec

SHA256
ff2ef38c7353e403c7162fede86be41f3289f791282094a28da086e4d999ac53

SHA512
64bbd2f2e144b4de5429a52bae41f5382900917becf55b52d53849db43db5f734afa8b31fac35d1a77b1beb12dbad0c9f469840b86c23955cbc84b9161b46c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Neighbor

Filesize
60KB

MD5
e3b998a372b3f7c0d730675e37663918

SHA1
bdd29587543c0396816498f9fcb4542adb1eb72f

SHA256
2e86dcc4abd0cf610dfef2555761e6ad6d668920e8aa2bd64f4c86250b87ccda

SHA512
ffd5623925798f2a113acf6dcb65828045cc8d24fd94c947ddb2b0f99d55f2aef7b426e62c93546d348b7035321d94dcfe0ae9709a6c27795cb3d6981504e904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Patients

Filesize
85KB

MD5
afbb3caff3929f5caf0ea6c09e58f789

SHA1
b418a3ccdf582570ac15dde36835da5857df0e65

SHA256
c53f4cda3e5ac7bcb0ee3f1a8f4d261191bfb90cb64092b9886e4a0fafaf3dc5

SHA512
36aa8651dc5597502e9c08dd12e7d4ea34bd503f42bd8fbac2ac1c12a5c3b8e3ef951c4c116e702804f146cf28a51a3ca3350a175ac2357e1dcb98f9b71fac3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Playstation

Filesize
476KB

MD5
ff3ba342fa0b1c89e3f52df1b73b6dd2

SHA1
c67105b4d000847f3040cdfc100ee38da302bd0e

SHA256
fbd33215a5ae079782335f882bc47b272356129b35e34fa4a813747bc565d315

SHA512
2fab550f1687e5cccd4c8a96577d9c15f22c43e18fe631bf08f0762c89599819955746670f57bb4bcf0483f86f2bc98331ce4b85c562f4ead3777bab477785ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Polyphonic

Filesize
117KB

MD5
e19afc34a1ee9eaa2a37846069d4e569

SHA1
19846791f60bf300e81cf986cb9146952091e39d

SHA256
b8f64f63ff9419d0a068a3ed51d3067d6515c83d833e96668dc32822053e5a9e

SHA512
cf0ecbb3bdfb58bd609370109ff980d56c54ad1cbffb857e24195d8e2f965700d4918ea5a3c16bf8b008c0ff0432c2af8ee9b266e956f45a537a90a0c85b118e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reminder

Filesize
65KB

MD5
ac99470ae40e8a86a6bcdcdacd19b0ed

SHA1
7317c1d6547af3db940fe32019bfd09c737f6b60

SHA256
9159ac6ca1a1516b72cc8b17282cc2e7e2a7aab39414850677e35d5d9e931e83

SHA512
95af638e2c95c62c61f245fa7c793b3b0c2f638922d960118c30de7f9efb7bb0048fb73139220a2fe893c60c1714a0646d74143aafc10784ddeb52dccb7da266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shades

Filesize
70KB

MD5
0c8a494f48923022745a3e96b8abd8e5

SHA1
84413ff6630fa8b5c553839516ba5feefd9e4eb8

SHA256
e4eb357cb6aad6fbb744d341054d8e3fc603fe522db32fc7e4f6b1100f587800

SHA512
f7603808c827c0786cf9a09d42480fb43e5944c141bb9398dbf7b9d921e7d273d23dba760a266abff40ea0f31ffa366e75f6bd4a64e59cde4e8bc33e5925d7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Thorough

Filesize
58KB

MD5
e52dfb935e9690a3b1d4c3dfce0a3a59

SHA1
353ae454882185b8ef34a2ecc1c5b4cefa41c524

SHA256
e2672d9b463db1ee759e0d81de01081995c36c094e1a7ee83a27a3d5da4a2a67

SHA512
a993cdfaba9fc27ad79f8e8af30269b4ba187fa10db318d830f3c842564d5f4cef398942bb66fac63e22c1744712cb218724a1f1edce4d56e74da621b23b363a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Tion

Filesize
93KB

MD5
a00287d4623526d77a4364213ffd78a6

SHA1
a93a94e5b7b459df2a8e340ec2c9f3ddc8696e03

SHA256
dae21476b99543fc0e0b670a722c122bcebaf83510204dc18516d39e5782ed8e

SHA512
9e33d8899f54c7729667964ab50a4db9d1ec15a429bbed252a2e3449b8d9c827b73fcfa6071bc6aeeaa5dd704016cd087e5ec9f089d8b40168539aa9d17cc86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Vessels

Filesize
99KB

MD5
a0c46b378af316f01644f7516a67ae8f

SHA1
3078ca4c91900ccf35ee5be9171ba7de7b2e201a

SHA256
a9696081082702e3827a78d57b3712dcaa4a4e06b2daad79b0c052c0c7efac87

SHA512
682151c57968da2db273fb5a6c0d4d3c2647ad31762c83e332f3825fe6848870971af1481dccd9047d30fffd2969ba8b49b57ceaa809b5ce7dcc3b8ad011ebff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Votes

Filesize
57KB

MD5
d3c6665c189e64c126920f2ec1f0f4fd

SHA1
c3d6c9550d028d30cddf5671f915c1eb55208ef7

SHA256
ee8ac35d35b2b5a3d686d818c8a6f1b9e5fee713f553c62f426bd08144efc3d1

SHA512
207ff32ecc61def8e277d3a215e09fbea73ee13a3e103a530d32a45ac954b3e421a13f82fa721ffe0bb665357de2111b9400cefffc45328da0ed2c3bdb243436

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
7aeb3baada3f25ba78b500a6c80d34a4

SHA1
b8fa83e2fb106d56ce8ed60677a49b559b62744f

SHA256
bcb85ffa94dc6ffd261043b65cee4d4dfdb502476643c79ae8d1c06982556b02

SHA512
19bcbbb7d1a51eba7fa9fc8889a526f7fa7d657475b28386c8a48dc64c1d7a363d54fa7d7cb541d6eb698ad7f49ee7a9a7b72bdab71c1557c6e603441ad105fe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
05d595f2aec4d4da91f17b9e2a77bbe9

SHA1
9631bfbb941cda9098ce3ff7ce3d9f5eeb84d70e

SHA256
3448cff2373731c4814b20fe8a1864f76df23215634926c744a0aa41d40c78e9

SHA512
6b656e04a6ff341504b63836d3b8c532ad1bc5f7e569add8c30a413233a6ab9567dac275f0c52bf24b342fdb44710e99fc3bc7775944bbaff0552e212f81e4bf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
1f1b769b6a6e02bf142879d9c52d50f5

SHA1
51d94b7281a1a37d79b60b0b591dd0fa27ec92d8

SHA256
28a4884a49952d816c13bbfe21913ac3e015bbb106d4e9af87f556f279b9ac5a

SHA512
88dec281ea862ad2584a92367d8da695069d32ca868d22132c29eebbb08bbd98cec7299236ff65a4ced9bf89f80ce611412424f04c720e1c9119bbc9443a13f9

Download Submit
C:\Users\Admin\Desktop\BoostrapperX64.exe

Filesize
1.1MB

MD5
7ceaf5f580f8c1de0abd2155e23fabd3

SHA1
23b87f5c240953a9f1cd3091db9dd15c3035526a

SHA256
5f48c49a076ce47c99701ffc6923f70f2e2992d4d8f250ee033f268feb1347be

SHA512
6ac89ab1be1e929783bf3561c6048185bf551599939c4e42e7a785a68b7aa3a4053313edb878a78d4af8e2efee0c2a33251f27a818e2edf369e8fdf3e1e6c6fa

Download Submit
C:\Users\Admin\Downloads\Reslesl[13c].zip

Filesize
1.0MB

MD5
acacfcb1f4b8d88f12298884cabb3234

SHA1
d5715752af58f7e77f59a943f5975be69e24c1b0

SHA256
11a44c3b99afbc453f3c8c4c5ec3e630380744bb9333d1dfad46b8af9c990bc5

SHA512
9d7345e6bac369723ece2ed76f5e9b502ed4c53c1fe91b334c6d2fe7c2636fdf9eede0cd67bd69e32808fab21db4e612b85e628cd6c06df0ddaa8a9bef6cedae

Download Submit
memory/3596-1025-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1032-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1037-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1036-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1035-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1034-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1033-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1026-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1031-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/3596-1027-0x000001FD6DD40000-0x000001FD6DD41000-memory.dmp

Filesize
4KB

Download
memory/5224-1058-0x0000000003F60000-0x0000000003FB7000-memory.dmp

Filesize
348KB

Download
memory/5224-1057-0x0000000003F60000-0x0000000003FB7000-memory.dmp

Filesize
348KB

Download
memory/5224-1056-0x0000000003F60000-0x0000000003FB7000-memory.dmp

Filesize
348KB

Download
memory/5224-1059-0x0000000003F60000-0x0000000003FB7000-memory.dmp

Filesize
348KB

Download
memory/5224-1060-0x0000000003F60000-0x0000000003FB7000-memory.dmp

Filesize
348KB

Download