Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://bing.com

windows11-21h2-x64

10

Analysis

  • max time kernel
    1798s
  • max time network
    1802s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-en
  • resource tags

    arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27/01/2025, 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://bing.com

Score
10/10
chimeradefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Chimera family
    chimera
  • Renames multiple (3260) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file 5 IoCs
  • Executes dropped EXE 6 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 26 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 4 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • NTFS ADS 9 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://bing.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x48,0x110,0x7ffab87c3cb8,0x7ffab87c3cc8,0x7ffab87c3cd8
      2⤵
        PID:3996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
        2⤵
          PID:3404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:3316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
          2⤵
            PID:2032
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
            2⤵
              PID:2804
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
              2⤵
                PID:1460
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
                2⤵
                  PID:3276
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
                  2⤵
                    PID:2040
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
                    2⤵
                      PID:4796
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
                      2⤵
                        PID:3528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                        2⤵
                          PID:1952
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:3692
                        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1536
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
                          2⤵
                            PID:2428
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
                            2⤵
                              PID:3192
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                              2⤵
                                PID:3352
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
                                2⤵
                                  PID:2680
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                                  2⤵
                                    PID:4960
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                                    2⤵
                                      PID:2944
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:8
                                      2⤵
                                      • NTFS ADS
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5040
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
                                      2⤵
                                        PID:1244
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                        2⤵
                                          PID:4624
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:1
                                          2⤵
                                            PID:2968
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
                                            2⤵
                                              PID:2060
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6404 /prefetch:2
                                              2⤵
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:3280
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
                                              2⤵
                                                PID:2864
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
                                                2⤵
                                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                • NTFS ADS
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1088
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6456 /prefetch:8
                                                2⤵
                                                  PID:3076
                                                • C:\Users\Admin\Downloads\Happy99.exe
                                                  "C:\Users\Admin\Downloads\Happy99.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1064
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                                                  2⤵
                                                    PID:2040
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:8
                                                    2⤵
                                                    • NTFS ADS
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:3376
                                                  • C:\Windows\System32\WScript.exe
                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\ILOVEYOU.vbs"
                                                    2⤵
                                                      PID:2636
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
                                                      2⤵
                                                        PID:1088
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6808 /prefetch:8
                                                        2⤵
                                                        • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                        • NTFS ADS
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:1044
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4564 /prefetch:8
                                                        2⤵
                                                          PID:3276
                                                        • C:\Users\Admin\Downloads\Vista.exe
                                                          "C:\Users\Admin\Downloads\Vista.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • System Location Discovery: System Language Discovery
                                                          PID:1684
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                                                          2⤵
                                                            PID:1248
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6920 /prefetch:8
                                                            2⤵
                                                              PID:4356
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
                                                              2⤵
                                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                              • NTFS ADS
                                                              • Suspicious behavior: EnumeratesProcesses
                                                              PID:2188
                                                            • C:\Users\Admin\Downloads\rickroll.exe
                                                              "C:\Users\Admin\Downloads\rickroll.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:1536
                                                            • C:\Users\Admin\Downloads\rickroll.exe
                                                              "C:\Users\Admin\Downloads\rickroll.exe"
                                                              2⤵
                                                              • Executes dropped EXE
                                                              PID:4952
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
                                                              2⤵
                                                                PID:764
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6944 /prefetch:8
                                                                2⤵
                                                                  PID:2108
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,7091206324564433625,17775358539450378527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 /prefetch:8
                                                                  2⤵
                                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                  • NTFS ADS
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:596
                                                                • C:\Users\Admin\Downloads\HawkEye.exe
                                                                  "C:\Users\Admin\Downloads\HawkEye.exe"
                                                                  2⤵
                                                                  • Chimera
                                                                  • Executes dropped EXE
                                                                  • Drops desktop.ini file(s)
                                                                  • Drops file in Program Files directory
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3932
                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                    "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\AppData\Roaming\YOUR_FILES_ARE_ENCRYPTED.HTML"
                                                                    3⤵
                                                                    • Modifies Internet Explorer settings
                                                                    PID:5072
                                                                • C:\Users\Admin\Downloads\HawkEye.exe
                                                                  "C:\Users\Admin\Downloads\HawkEye.exe"
                                                                  2⤵
                                                                  • Executes dropped EXE
                                                                  • System Location Discovery: System Language Discovery
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:3672
                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                1⤵
                                                                  PID:2968
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:4120
                                                                  • C:\Windows\system32\AUDIODG.EXE
                                                                    C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004C4
                                                                    1⤵
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:924
                                                                  • C:\Windows\regedit.exe
                                                                    "regedit.exe" "C:\Users\Admin\Desktop\ConvertGrant.reg"
                                                                    1⤵
                                                                    • Runs .reg file with regedit
                                                                    PID:3680

                                                                  Network

                                                                  MITRE ATT&CK Enterprise v15

                                                                  Replay Monitor

                                                                  Loading Replay Monitor...

                                                                  Downloads

                                                                  • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                                                    Filesize

                                                                    4KB

                                                                    MD5

                                                                    5b3dd16faca613557b8c8b63cff6324f

                                                                    SHA1

                                                                    2113247643a01738e65e7cda78781b99a6e20346

                                                                    SHA256

                                                                    bd9be04d4b86c156bfeef0c541283dd1aa1a352c2d3f4657d015ebd9a4ffc27b

                                                                    SHA512

                                                                    4bbfaaeea3835ba4082412b7cae81225d9ad322df3316da7864aa0eda382023e81ead8116a1675c3636c701102dac496264984d21e442d61a9b8ca288b19b044

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    5431d6602455a6db6e087223dd47f600

                                                                    SHA1

                                                                    27255756dfecd4e0afe4f1185e7708a3d07dea6e

                                                                    SHA256

                                                                    7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

                                                                    SHA512

                                                                    868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                    Filesize

                                                                    152B

                                                                    MD5

                                                                    7bed1eca5620a49f52232fd55246d09a

                                                                    SHA1

                                                                    e429d9d401099a1917a6fb31ab2cf65fcee22030

                                                                    SHA256

                                                                    49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

                                                                    SHA512

                                                                    afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                    Filesize

                                                                    20KB

                                                                    MD5

                                                                    edff034579e7216cec4f17c4a25dc896

                                                                    SHA1

                                                                    ceb81b5abec4f8c57082a3ae7662a73edf40259f

                                                                    SHA256

                                                                    5da4c64f6c1ff595779a560e215cd2511e21823b4e35d88f3ba90270d9244882

                                                                    SHA512

                                                                    ab2dcd1628a0d0cadf82eebd123526979e8cf0a2a62f08f1169d4c03b567eca705bd05a36e5ffa4f6c3df393753b03e3daa18122955dde08fd8e5b248694e810

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                    Filesize

                                                                    58KB

                                                                    MD5

                                                                    68d6a168f33a358f0daea04bf88dd350

                                                                    SHA1

                                                                    bb73acf698465d61b5f7d7655d53401c200fd325

                                                                    SHA256

                                                                    44b945ffb8cfbc877840604a1931f8926c9baeb8834d3b3ca1e620206d410c44

                                                                    SHA512

                                                                    4b573bbe483245b9388081c0278a8436225496ac6da4caa59edcf7222a2c4fe4e7b701f88a8327c313f901c463eac1fd5d102db0b0cd88eb6f893e30eb37d82a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                    Filesize

                                                                    16KB

                                                                    MD5

                                                                    cd4e82b46e4da434142a43b103c70d82

                                                                    SHA1

                                                                    c90880a374cca87c8db41b629e803cba3412f14b

                                                                    SHA256

                                                                    7fac6df5eda28d747100a7de800f01581d46fc81adfb53e5f6597e81ced06613

                                                                    SHA512

                                                                    89d38702ed8b7eef95f287012b3de691cca0c191c673ecb7be8aff9481f38e6669ff9b3b422b4e92b1d4bebac4d4e67811cde421b422728930c75962f989a6ad

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    345cee78f01022acb435f4b9b9919f84

                                                                    SHA1

                                                                    4a82fb02f3c92683e0ee9b903cc9aa0850a67f88

                                                                    SHA256

                                                                    2b497c6a52e4e678181c5b66b61f167455c5b6209ab6e07d1b58bfb6e5193b9b

                                                                    SHA512

                                                                    a2ac4a246acefebd1440ca3bcc812b71260635e249b4c2845041227bb90461fe016e1ff8f795f9fd8b6b7fab01992e823e044042824d7689dc610b9bf0848cb4

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    73d51485ffb51024d2b45a6cf5e7ff4f

                                                                    SHA1

                                                                    f9082089f72177908db50a612e3c34e88d244506

                                                                    SHA256

                                                                    ee9932636d33c8d5394351c05d60ae9a24116276ee91a053a7ed39796738ea96

                                                                    SHA512

                                                                    4674e4bdbb3dc5aee758987231ff50d8e5776a0dc83b06a67a985b1d4b9ca82b9cf682da199e7b884fca5f482936653a5a2efe043bf4878d7fbf9aabde8047e8

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                    Filesize

                                                                    2KB

                                                                    MD5

                                                                    97a29d539011d34042882dd2750cd938

                                                                    SHA1

                                                                    d141efd0e2485b5609b8dfb2c64104d0e5b645d6

                                                                    SHA256

                                                                    7f7749b1d74430538af4c41e073760a19b8b41de07e6c6a74876ac508a9ff005

                                                                    SHA512

                                                                    fe038c7c27704e0e88ec5f416132715802478d2f0a4290a805af438b10ae8fa2bc0999a79bf0adfbfe4a906ff929a15a0cd72fd14f5941ee9969e5932c2a1b46

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    566B

                                                                    MD5

                                                                    f3c4ece1e8e2ff8cbcb97d19d58518dc

                                                                    SHA1

                                                                    da83c6325eeb6e8443c5b21ac7c2e13fcaf3a3c5

                                                                    SHA256

                                                                    b43f6bd0f535446e1c534ce12aa25a81203452b913c85d6468d9c382395534b3

                                                                    SHA512

                                                                    0b9c14b96b3429dad97dda590d618e353d74f6d2dc2d0abbf2cccb66fb4b40d0f50dd540d584b85b0c578c7e134bcb661451f5e30479f3bb37168370dc5b847c

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    946B

                                                                    MD5

                                                                    2a33e5ac502ce29b94f0405b28aeba34

                                                                    SHA1

                                                                    221ed29b024cd78825e92fce5286565b0989ec16

                                                                    SHA256

                                                                    f239138cde7daa030d45b5bb2248b99b7b718db0758b390128570a5959623df7

                                                                    SHA512

                                                                    f79aadcdce6fb57c11ea21eaa0019213cf2c9eb5b330f76cdf8de8012f5d4de975d4e4ffa2c7c2339bb7ea48dbecb442a9ba61e40fadd92e4d5efeb97281392e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                    Filesize

                                                                    946B

                                                                    MD5

                                                                    96c958c148dcb2b4396e6ad436dd548b

                                                                    SHA1

                                                                    1117eb95fa1a5b20564e1b32d8b0afc77c02257f

                                                                    SHA256

                                                                    58050eb1f83ce64db1ae1f81b4333c8ef55b5acfa849f9f609999fd8f242d528

                                                                    SHA512

                                                                    6978430c8f9be5f156d2ce91468fe92b731f990087e0952a5f0fdad2adad2ccbb688248a3f91f4d148458a8bdc02612edf438eda189eed07720074b4a15d1d67

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    cea665896ada3b1b53e5469c06c94d23

                                                                    SHA1

                                                                    ef1b11600fe5f94bf8b8fbfe0fc192501d76b29b

                                                                    SHA256

                                                                    d81a4ecd4a1f67c183e74571c51d3d516cb31d22e40b34ba550e07b374b94314

                                                                    SHA512

                                                                    ff2575121ab1b2ee4e3526ae137b4cf21bcffed2766027d910fdbb14416e4eec1b6fe30915a17b41061fa4049eb29cffff27afa34e942775258b185d928d94af

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    9ece00287ecd9b6c8f98e51bd6aa1022

                                                                    SHA1

                                                                    6530c4591779092404af1f693aec030169954b8d

                                                                    SHA256

                                                                    4fde24ac7aa4d2f09a476f56ba6dd270767c8b208e6cb3017abef030d70b672e

                                                                    SHA512

                                                                    0e9d3a6fb4cacbfbf4fc7cc180d6e894c10999b35fa7829dbe67ab402da0d3e33f6324c7089a0dd84d8a436ba065331a6e33d18061059582522375605f87480c

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    7f50debf93d9c1f0a50f8ee493bad526

                                                                    SHA1

                                                                    b4a6ff85658662bdbf26ef2b63123cb6f69b8973

                                                                    SHA256

                                                                    12d85f93dd3182c5382f0ccb669fdc7d2df6547125e9be7e430330984e0b1d4a

                                                                    SHA512

                                                                    28a5f2ad47d5611c3152c2125c3d41d01d26931e0641150ec5b7726fdf7750d288d433d624f07b0ad372eee853e6ff1974bfa47674589d9dcd1c36c7130af8f9

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    9c62e6324a4f030b64508847c2c4ff83

                                                                    SHA1

                                                                    783c4aea5dea9cffeebcca060f26b074b0b5d2fc

                                                                    SHA256

                                                                    9f0ae52b33a7822a91be390d52bf2bebd1eb835bab67d15f8b8e5b566f597129

                                                                    SHA512

                                                                    2e58b1b1d2d15c89b5aae08607b89af2c116d630c0feabbce5a0b1f8676bbc5bbe1bd032306d58e663c6613b02066eeee5dcb485c5024a5bf97c9ca28ff706dd

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    27aab83502081ad117554c0e129fce0c

                                                                    SHA1

                                                                    e01231987c622be7f988bf1d679f1192ecf01359

                                                                    SHA256

                                                                    a477985dfb4bd57f7c20dbe9d7af3b38decfda803788816ae307d1c1c85a3a96

                                                                    SHA512

                                                                    74c736ce71e0ce593c210675891ea71fbf8545b6711bf97d2fcdb625d206a3218b7b6009dfeb29c6b41440ed64bb6bfc8741e31ed27f253e51031043c60d2628

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    5KB

                                                                    MD5

                                                                    a0b7e80134a79ef91f17cb13c6f41406

                                                                    SHA1

                                                                    d121aec2bcc73c2dc831b0c2c369346d1997e3d0

                                                                    SHA256

                                                                    602eace6fce3e9755ac599a219a8117c42814bd51b4d0d7729cae96b1d786bba

                                                                    SHA512

                                                                    e5e6d1b0731d8b6f25a28642b9f0790febe497ee125c4236020e00ef1b931ba3ca987eac1fe8bc706978ebe7bc3aa20a38a56b6c7222676dcd8479dc627e9697

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    5cce35d333292c66e20a81a06967afdc

                                                                    SHA1

                                                                    e758d588d71d5c78a1184756d1340c1e49674db3

                                                                    SHA256

                                                                    c0592933029bec8cea7f76a37ac950a921bf71b0c5d035dd579f6c58d64f443f

                                                                    SHA512

                                                                    31eac34d6c16eac89c853dc0224055d75643f129694078489fc509901fe6beef706545d8eccd25956b4d523a04d4ea93b5e10de91dd0add2281eb73b36b718f4

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    7KB

                                                                    MD5

                                                                    80e39719f8ba05bf824d69b7ed947a6a

                                                                    SHA1

                                                                    4434372bfbdb31da9e8ac1b27174541e729c5a20

                                                                    SHA256

                                                                    b1889c65efd0d9cedab2662d7fea58f05f403f15a2021d54e505d59a481759de

                                                                    SHA512

                                                                    d4f2962d8b115d79497ecce2fa5a065b97b03652bc28d9712c9195cd0a370b721ac1469d32371a8f4711cc340eddd0471c428e6c07e5eb869547a3ede8f6ddf1

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    af7f033321940870ff2274490a8386b9

                                                                    SHA1

                                                                    be2f2e9e761b6554ee7816efb2251aa08f1bca10

                                                                    SHA256

                                                                    2d4b902d30863c42b2bb83c6f83d5f793bfec0d850669c597444e7fad401ba12

                                                                    SHA512

                                                                    ddd4e10f88356edcb91a3f64e40946b30126a227b8aa15d579ceb89083461a70d1e0121815f05b53738201e85c096837252803545ffd1d1edc8e6e08cea0e889

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                    Filesize

                                                                    6KB

                                                                    MD5

                                                                    94007b42c166b19302b5f245268a6e5f

                                                                    SHA1

                                                                    ff5778412a9b59eaff85063c4e8f04324b08f2e9

                                                                    SHA256

                                                                    9688c6214205aa7e90e36778ea5323cb2c7202f7764202abf4ecbe91397632f6

                                                                    SHA512

                                                                    f50dff722edb803f1a353df400619df72f4019543cf177a45d07dc746dbc1e5eaab6008c5ddd3b1247ec5237872bf2a96ec69c4e6e873d3304dc9861527587a3

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    83882c61a4d77fd6e161e77d3e88dc6b

                                                                    SHA1

                                                                    5f1cf25a98dfb7e2e69ef7bdd9ec19ebd0915f24

                                                                    SHA256

                                                                    64a0acc7a57b0dc889cecaadf09e2d882ec3f024124c631a7f71c7861ba6331c

                                                                    SHA512

                                                                    6140fe67fc42ba5f82a5c1479b7dc56474ea6ae1c80cb0d4944da74faeb63cc64d35174f9a533995b54d2c01aac54fbedd6ac842486b4385c101b1572b5758a5

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    872B

                                                                    MD5

                                                                    d1287036e8b692ee5a65d486529f1c8a

                                                                    SHA1

                                                                    0254a5e7fffb4fbb8ed913e20b7a726d5264f49c

                                                                    SHA256

                                                                    14ae50a312999f9a0e481cc65c173c92bcd9bfc5b81ea0e70a5fa20c8a2256b1

                                                                    SHA512

                                                                    8f82d008e086f62ce399e6cc5a74c8b9b9cf2a536e6ee3eb81ae04fc11834d985936d8c73249ab7054bc86cd86bcb825040626e3d1557a3b2b0a7299e577a98f

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    3b5275976017d513f2394843eb4a2e20

                                                                    SHA1

                                                                    ee7d350323e5845aca279f625ae0f7f65e9889bf

                                                                    SHA256

                                                                    4099f1e47900706802e71b6e4b8c7ff07c2ae329908a24b967decd9a5b9fdb6b

                                                                    SHA512

                                                                    4a525fa4f43690291e9c23443ae6571184cbf7683a9716d541d756fb93525475612f327cb1c1d5ea0d84d90d8c07d724db9a36e82ed15b5269b2107a90ae958a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    ebb7a886fc410f1b30f927a895ed1caf

                                                                    SHA1

                                                                    db8ac3a8dca8f909f89327028729f631a54f3014

                                                                    SHA256

                                                                    6af404379d702693759785fcd4a58d97fea3bc80b68caba5783b553f87e41dba

                                                                    SHA512

                                                                    d462bbc27f6f1a59f809f42ab8091ccc8a1055c6f07c5fb2b6ccec144f5f9eb3005cb52af2d2dffdfb8b40738bb158bdf50ba2c0857e5264f30fba453d754223

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    8a1a2719eaa0bbc4b738fe41a2f88a1b

                                                                    SHA1

                                                                    138b3e4d9d51a6d44743ff2b60dd22ce61bbe4b3

                                                                    SHA256

                                                                    b5d05878b3a25897acf563248175334e6bd335d3e52368083e58f41f4508d6a0

                                                                    SHA512

                                                                    1753c50901d578e207c9079169a170e5dd6afa275cd365c0b35b6561dffd5f41d00d5ec076cb4d5ae2f387f40379c5c2835f717ee9bb00b7463f6d09317e974a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    2d9210dee784fa4556d7699ca8d5d5c1

                                                                    SHA1

                                                                    d218a7e4d1e01b2f587a66592a7c3b81c711a827

                                                                    SHA256

                                                                    dce09b46b6ceb29a70e69eb2975412bf6c984a4d9d1876c3f572d30b0fa29e71

                                                                    SHA512

                                                                    5b4245b643896860f9f24645e3be8b61abda085fe21658a2ffd5ced6720712582596bf6abd1390cab136ac2b22ef4ce2a96bea3975eb25b703ad119ff49772bc

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    eb4df7fc7b9a1533c4c690526a6e01c4

                                                                    SHA1

                                                                    e0070f2438a7e390abf489384c6fa64774721992

                                                                    SHA256

                                                                    d339bb2948a3aab5e4b2c3d02d79342af547d81e55f1409078db5deeefbbe1c1

                                                                    SHA512

                                                                    c6ed9dccd589643a31b13aaf9b5082a7dce87546536d3b2fd6980df4c42598ce1486f8090a1ae2d03004099ab430d28656992ff302f5f7962958fe8060b1fcaf

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    13d81a853a1c3a87990f31475f892822

                                                                    SHA1

                                                                    069e40cea4b2e49535c59fff52a54e135761d390

                                                                    SHA256

                                                                    339f42760b573566d348ad913effb38e055e8145061bf25e8cecca1867dd6eca

                                                                    SHA512

                                                                    ed97801a2a34aca7187225aedb05ffff55d20eb5fe3cf5978a93c1b7b15b3f832edde4a1ccf1d4790290983c8b10f1cb610eaa5713bf1484c9f02483eb1957ff

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    f577a4075fdb390621077e588976e860

                                                                    SHA1

                                                                    2e4da2e051fa4aa1718d6abb55c1be919981f13f

                                                                    SHA256

                                                                    ff10427fc46d1a1e454d65b8f783399b848d0a984436e2cd82adc457d1622d77

                                                                    SHA512

                                                                    cba3e08cc2dbd9cf562cf2f887b64d630289885889fec59b420aa1d79c556718f995e62d070c6992a522828cc782581caa83c56ef8115ff411a41d05343a337e

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    864B

                                                                    MD5

                                                                    0398d402f5439f429da3027eca7a0fd0

                                                                    SHA1

                                                                    700fc61e2bbb2f58ebe0af7c4bd30ac99d064fa9

                                                                    SHA256

                                                                    3265aa02518aee7de70932cf667ef3516280f339a9726da46181c99f0e0cfc12

                                                                    SHA512

                                                                    3d329485429b2f841e59ef1255e564601834e29d20c0c452f244a2148e92d39ca705b7df4f10482249a2f8287811876a23908217c5f2d651ac4c02d9af387129

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    0e56ef43f63da7471fb539ec8617e2b7

                                                                    SHA1

                                                                    491b6655a27c719cf931935bfaf28b751895ea77

                                                                    SHA256

                                                                    798a6ca40f52590e3264c49080b26d8205a0855c12dcc9044709e76bf3976557

                                                                    SHA512

                                                                    277874a80cb121426ac2e3701486202abe2c76d01c4a28cdf549fb8335705c9d3f09e5138a58ad1197fec1d9da633884e4cd301db1d31a06274c4e8b66bf8ffc

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    11b45aebeb7e483ad83d5be66af9d916

                                                                    SHA1

                                                                    fa7e8a4afb2975da219cb8116fce6ebca21ea370

                                                                    SHA256

                                                                    385353f2f2759dc6d3a7f88ac22e27377669f8ae386063e8afe59a69763b89c3

                                                                    SHA512

                                                                    30cfe69ccf2bb7c60d8b853341f7f5f3697c9cfd38aed3b39c540ca345c34b9150bc17425e618b880259663f72d68398c5f1b7894ef1dd6957793197fb12b269

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                    Filesize

                                                                    1KB

                                                                    MD5

                                                                    180c5ae207a0c22956202734ddf951ea

                                                                    SHA1

                                                                    b0cefe4f762dac006c719646d68e1aa3e8fd077a

                                                                    SHA256

                                                                    a04325de67766756c5b34e8a5c1832bc523b6035676b58eff7f3a658245cdc04

                                                                    SHA512

                                                                    68fd462c478f9925e34d28734e474bfb910e52c049f1e2690aab99fee7f494068c2ca8bf6e584950de24e361d94e56a5df4ecb21ae8de39b3f02a76c17c99e75

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58876b.TMP
                                                                    Filesize

                                                                    868B

                                                                    MD5

                                                                    f8e551cafa29ab49cb9e61a923faed1f

                                                                    SHA1

                                                                    15ce423a3be16f2c7812a4de1b340c4c628ea366

                                                                    SHA256

                                                                    30dd07e2f8c8a085f96375c5e35ea4a8d154cdacf3590a5b50366777c555951d

                                                                    SHA512

                                                                    e6a8089dc964a4ae35eb94075a1e72f0bdeba5fc9e6954b1ce00a718b5b045aaf55b0c1562689d914392c488890160fe232b7fa64fd657f3c3f82e17cffb7d04

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                    MD5

                                                                    46295cac801e5d4857d09837238a6394

                                                                    SHA1

                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                    SHA256

                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                    SHA512

                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                    Filesize

                                                                    16B

                                                                    MD5

                                                                    206702161f94c5cd39fadd03f4014d98

                                                                    SHA1

                                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                    SHA256

                                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                    SHA512

                                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    a9b454f9aed260f512901a47d21e4513

                                                                    SHA1

                                                                    47a614d072cf9df8912b8e9cb82b0108037b9b47

                                                                    SHA256

                                                                    05984e800140e695334628438451212e28e79c860d2ba515545bc0c4e0ce5030

                                                                    SHA512

                                                                    18dd376f562168d4d1772729890298843748a8928a9b642c621049d8bb6cdfff6f8140ee572942b21e85795b5fd815fcc1fd185d107a59ad711a4c12905674c6

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    713c501fbe2c4c1579d3e4a5f6919edb

                                                                    SHA1

                                                                    774d680a59b26fcdc8629cd44744fb0056385892

                                                                    SHA256

                                                                    2a7f7939fb52e624fcc184d1ca1d9edee2b8c3890a6d4e36a09a137d7dfe5cfc

                                                                    SHA512

                                                                    1751219082c9eea8081bf6f503826cfb666ee65b7129c91e54d49118c182e87905c28eacea5dd4ab0ef2586a43c854d13498cd442cac81b899e220818580289a

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    96c75407102dfe1a968659361ac99b6f

                                                                    SHA1

                                                                    1a5e51e358c315b50f459e124c87cd2564f45512

                                                                    SHA256

                                                                    998ec68e1db74d5b1e5986662b9b36716669476a76f44b8e133b0f0dfe9bebf8

                                                                    SHA512

                                                                    3468412c67ee29a8dbc3cc638cd434679d460c22ffd595c23541f5ad2bc2ffbd36c6bd6d6a0d3ac88235d00dccc8c5608c0b787de2dc919e2b781bd744343b26

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    d10ed2fedfa68d555e6df73adbd0c701

                                                                    SHA1

                                                                    d669f8216cbde06e64b9ca70a946cefca48e01ec

                                                                    SHA256

                                                                    68c23a288b599be366b5f734d874d618e8ca28f5f8444cf2e227b4a28130bfc5

                                                                    SHA512

                                                                    83da35e6a93ed6de9f67c9f61cd3ac429baa95707713fbc5a85c4c9466b4689fbe9d77b72fc4469c0d284013becf5d9043df9c27c922f12b0b9f7ca8e2b80a4b

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    063baca73da153314744c48e46046c58

                                                                    SHA1

                                                                    ead1b9b3ba319d1dfab7ba2bb6a5afff35a8960c

                                                                    SHA256

                                                                    425b4c67ec0c58124707e03c9fce65fc56db9d65303e408646092109d438442f

                                                                    SHA512

                                                                    0b951dc0eda991359f8b9021442d2bd8752b26916c77c86a2eb1434b0c52245cf4a439bfa89f5d723af235ee43b3cc2dffa82d360b4396ad74c66c5adf645724

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    8046865437af8064b0ff1cb067b34f2c

                                                                    SHA1

                                                                    7841291be1517ae47d53457874e91b9fd9201548

                                                                    SHA256

                                                                    b2ace309006da087e4ce9820184a5cdc2f98d97021fdf3ea9bb608485e009cec

                                                                    SHA512

                                                                    27de5870464eb0cd6a1d90ccf9ceb887aee38c6173b8feeb68d693f719efcab238461964c2edea02a704f428a0a1d36d069a1a9b6e386320afac06b9444fc602

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    aa595c683bc4851e4d56b639485dce50

                                                                    SHA1

                                                                    9a44193ec717458fa32d8c619badf7979146a07f

                                                                    SHA256

                                                                    436876d6e5026fcb1dd7e8ecd7f0450b3da5d2538c122dfb111b36c541f3c400

                                                                    SHA512

                                                                    b6c83525bbc424623e12c57efd576c3e15b0f6cc2d8b637c8e5e75f8d8e456f614518b03b9af6364c9ef16c1b5603248313b8df354623dc082d945bd181b33e0

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                    Filesize

                                                                    11KB

                                                                    MD5

                                                                    77db4f61dc5130e8f12139c26eeed9b9

                                                                    SHA1

                                                                    6070339752bd2d88e07738c07c3fc7c815f61977

                                                                    SHA256

                                                                    6b58b1d65ffea2b11b3e7b22465f4ce5682e0585ea253fbf49bc3d87a8b8dfcc

                                                                    SHA512

                                                                    08a9a8d48188c18e0fcfd7d2acfecf1003afcf2d2cbf38e0fe0e35dfdd8d4b9faa599e468fee7be08bcb8fad01b7a49883a4c8dfbdad048c66cf8509c3348bd7

                                                                    Download Submit

                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e9f7df9f-49f7-4165-a766-3cd9e7315b84.tmp
                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    f08c3865d611b73c4fdd2c6097b91130

                                                                    SHA1

                                                                    2b9a73d0e9213674331fffc6ff18620de398881b

                                                                    SHA256

                                                                    99908c92751cb8057d234d3e4b1845013742886269ab5fd602161b11c30c0dc8

                                                                    SHA512

                                                                    d6d8498aa7a1151742c251744e282c75d1cd7cde5870cdcb9f77c5151953507545c4b72764770a31be31cfe1e73704ef67f5c5dcb2bcc92cb672819526c9bb1d

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\BubbleBoy.html
                                                                    Filesize

                                                                    12KB

                                                                    MD5

                                                                    bb7b91d1685db89b58ac01a72921e632

                                                                    SHA1

                                                                    4a1dd457983a7f1bbc7943eb5fca3da6d93d4176

                                                                    SHA256

                                                                    940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8

                                                                    SHA512

                                                                    09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\BubbleBoy.html:Zone.Identifier
                                                                    Filesize

                                                                    55B

                                                                    MD5

                                                                    0f98a5550abe0fb880568b1480c96a1c

                                                                    SHA1

                                                                    d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                    SHA256

                                                                    2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                    SHA512

                                                                    dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Happy99.exe
                                                                    Filesize

                                                                    9KB

                                                                    MD5

                                                                    02dd0eaa9649a11e55fa5467fa4b8ef8

                                                                    SHA1

                                                                    a4a945192cb730634168f79b6e4cd298dbe3d168

                                                                    SHA256

                                                                    4ebe3e1af5e147c580ecce052fe7d7d0219d5e5a2f5e6d8a7f7291735923db18

                                                                    SHA512

                                                                    3bf69de674737ca15d6ff7ce73396194f3631dc4b8d32cc570adeeacdc210acee50fd64c97172ce7cc77f166c681d2ccd55955b3aca9188813b7ff6f49280441

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 223423.crdownload
                                                                    Filesize

                                                                    129KB

                                                                    MD5

                                                                    0ec108e32c12ca7648254cf9718ad8d5

                                                                    SHA1

                                                                    78e07f54eeb6af5191c744ebb8da83dad895eca1

                                                                    SHA256

                                                                    48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723

                                                                    SHA512

                                                                    1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 315987.crdownload
                                                                    Filesize

                                                                    32KB

                                                                    MD5

                                                                    70f549ae7fafc425a4c5447293f04fdb

                                                                    SHA1

                                                                    af4b0ed0e0212aced62d40b24ad6861dbfd67b61

                                                                    SHA256

                                                                    96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29

                                                                    SHA512

                                                                    3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 655649.crdownload
                                                                    Filesize

                                                                    232KB

                                                                    MD5

                                                                    60fabd1a2509b59831876d5e2aa71a6b

                                                                    SHA1

                                                                    8b91f3c4f721cb04cc4974fc91056f397ae78faa

                                                                    SHA256

                                                                    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

                                                                    SHA512

                                                                    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 679590.crdownload
                                                                    Filesize

                                                                    10KB

                                                                    MD5

                                                                    8e2c097ca623ca32723d57968b9d2525

                                                                    SHA1

                                                                    dccfb092fa979fb51c8c8ca64368a6f43349e41d

                                                                    SHA256

                                                                    556700ac50ffa845e5de853498242ee5abb288eb5b8ae1ae12bfdb5746e3b7b1

                                                                    SHA512

                                                                    a468476a8463c36c2db914e3fe4dc7aee67ac35e5e39292107431d68ab1553ca3c74255a741432ba71e8a650cf19eb55d43983363bfc9710e65b212fba37bbde

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Unconfirmed 756822.crdownload
                                                                    Filesize

                                                                    1.9MB

                                                                    MD5

                                                                    faa6cb3e816adaeaabf2930457c79c33

                                                                    SHA1

                                                                    6539de41b48d271bf4237e6eb09b0ee40f9a2140

                                                                    SHA256

                                                                    6680317e6eaa04315b47aaadd986262cd485c8a4bd843902f4c779c858a3e31b

                                                                    SHA512

                                                                    58859556771203d736ee991b651a6a409de7e3059c2afe81d4545864295c383f75cfbabf3cffaa0c412a6ec27bf939f0893c28152f53512c7885e597db8d2c66

                                                                    Download Submit

                                                                  • C:\Users\Admin\Downloads\Vista.exe:Zone.Identifier
                                                                    Filesize

                                                                    26B

                                                                    MD5

                                                                    fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                    SHA1

                                                                    d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                    SHA256

                                                                    eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                    SHA512

                                                                    aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                    Download Submit

                                                                  • memory/1536-994-0x0000000000400000-0x0000000000422000-memory.dmp

                                                                    Filesize

                                                                    136KB

                                                                    Download

                                                                  • memory/1684-903-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-896-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-900-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-901-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-898-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-921-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-902-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-899-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-911-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-897-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/1684-904-0x0000000000400000-0x0000000000ABC000-memory.dmp

                                                                    Filesize

                                                                    6.7MB

                                                                    Download

                                                                  • memory/3932-1079-0x0000000004C00000-0x0000000004C1A000-memory.dmp

                                                                    Filesize

                                                                    104KB

                                                                    Download

                                                                  • memory/3932-1055-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                    Filesize

                                                                    64KB

                                                                    Download

                                                                  • memory/4952-1007-0x0000000000400000-0x0000000000422000-memory.dmp

                                                                    Filesize

                                                                    136KB

                                                                    Download