xworm | hxxp://anaxyn[.]com/download/

Analysis

max time kernel
601s
max time network
603s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2023, 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://anaxyn.com/download/

Score

10^/10

xworm rat trojan

Malware Config

Signatures

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Executes dropped EXE 1 IoCs

pid	Process
2752	Unconfirmed.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\51d189d5-6617-44bb-92cd-72ec5acc7015.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230423205326.pma	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 864332.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1788	powershell.exe
1788	powershell.exe
2624	msedge.exe
2624	msedge.exe
4536	msedge.exe
4536	msedge.exe
4868	identity_helper.exe
4868	identity_helper.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
3620	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1788	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 4916	4536	msedge.exe	87
PID 4536 wrote to memory of 4916	4536	msedge.exe	87
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2768	4536	msedge.exe	88
PID 4536 wrote to memory of 2624	4536	msedge.exe	89
PID 4536 wrote to memory of 2624	4536	msedge.exe	89
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90
PID 4536 wrote to memory of 2644	4536	msedge.exe	90

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://anaxyn.com/download/
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://anaxyn.com/download/
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb016946f8,0x7ffb01694708,0x7ffb01694718
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff7d2595460,0x7ff7d2595470,0x7ff7d2595480
    3⤵
    PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6388 /prefetch:8
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1984,10093891425121178358,15908844813652713145,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4592

C:\Users\Admin\Downloads\Unconfirmed.exe
"C:\Users\Admin\Downloads\Unconfirmed.exe"
1⤵
- Executes dropped EXE
PID:2752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
27KB

MD5
700a1ea5faed0069a1c334476fc72c94

SHA1
de8f42c0c36cca06d2ea55bee8bd95cfa40c4fd6

SHA256
689aafe7e30b1bf5e73c6f9143a621b5bf788bfb82a1843044487db79bcffc51

SHA512
eb38c8ac81270baa9a73858df6a915766f3f5c2bedd8b058a0f3271426cd6e6e70ab2055c3e5692cbe6ff486b188687c255e97577ca8c97b77cd9d0c844c57fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
2d5b077af6842c6b59765793e972c10a

SHA1
6163826d5fce60b6b9d1a2859f44daf00605f00f

SHA256
fe555ea5221d5fe51dfe8ae8609a814fc3a78737c2ce5ca35b93b911a70dd845

SHA512
8b4f1216a2115090181aec71bb79036ede1f82076e18c38709b2a8c3acf3e1379b5593be26f4d0c6e5d1cc6599698763c73abfad095f1a765d5a83b2129a0a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b9f8ceca400e2c73fc03d5edca6efeac

SHA1
15e2faa1e24d3a75a2138a07a4ad6502197aa997

SHA256
25526dbdac450f32c25fa077b77cf6f4c1d4225e1acf813a8d1e02d5fd67bd8e

SHA512
f4caee4efd62063f13135d1a89bb56ed73700cb3348ed372a5f4bcf5dc96ca7146a709d4f99dd98a209801a0beb20d007c9f52161155f580624516ca3ed17b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\http_anaxyn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_anaxyn.com_0.indexeddb.blob\1\00\2

Filesize
5.8MB

MD5
3c70e7ef13ee4a48c2f57ee6d65dd0dd

SHA1
47a2ac062c8cef21fbd3a32cf67cb717e4808ab3

SHA256
6c5fd19093b68ef77295338570cd3ff377d844cf90f9b3e95c40c73e3a777572

SHA512
dd22cb8ced0b4bde7389bfb240acd7ed52f4f17ba9f191f591d528c1c0e188ecacff01db1643c94d77ef9272c01833eccfc0cf1379f45a66c702f97c54e12406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_anaxyn.com_0.indexeddb.blob\1\00\7

Filesize
1.8MB

MD5
6eed334c615bb511cf1422a8dce17108

SHA1
b202f833ffaccff9916d79cd2d3796ba6eea5597

SHA256
390aef1dc7d1597cd31b17e22dae2a7c428d07e921d948a44b0bd096002a662c

SHA512
085ba53586691e43ffe05f0ac31060d7bb093d2ae41a3c30b12774cba79b6a99a6061cfb6518b68b453659d566573d02959924697079d98a6ead18afd8fcf974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
844B

MD5
26e0aa36f09b6fa9bcba4211e29e8007

SHA1
f89c077cc41e1ed377bb6b3d61c930f14af7e5f7

SHA256
fb24be07e28796a2d8cc8d45badd4a6e38cffd51d6b1d1445c2ac7a5db316bc7

SHA512
caeaaf7237882ed079ffa7b2b7bc092f6bf39afa199d6c44dd07b2120895c97a7d2949add7b11932038487810d905336ab48a317052638744f0ef223d54ed8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
784B

MD5
4985b5d7cfa2c0ecabfe403536da425d

SHA1
ee1512796f62d37f4aaa3b2668040ffc33d94d80

SHA256
16c1f7248b3da80a541660b3247c03d59ddf0623e3e676a51badd995aa3f85b8

SHA512
adb0fec12bf5acbc970362c53d12f633f8a6c5a65a689f9bab38ec81b793e04a33c6938170f34ab80657e68de0145b1f7c3e719beaab8c447c4864db751934d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
71013b75c721ce58ddb20ed1cddfe482

SHA1
23f4a8279bf2fae38f5233641472775f9e520bbe

SHA256
959cc26a1fdac8c4651bca79d27cf13c8811fcaf407598003957b5c4afcaacf2

SHA512
8438c7ab71d26960560932185c09e206f62dfcd904d4ee748b9672e96fb2daff186a0a76fedb8e2025698ff894046c48531894ca268fabcacc37f40229ca491e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86cb95d56418848b4421c1537a535a6a

SHA1
8daa0d44b10c0291752cb7adbb8c8afb6e105ab7

SHA256
c3d2c32e1dac99d0c525b6a9334039762136ff872a17e9a4b14082eeb4744510

SHA512
b9a335f60f02cc5461c171dcfd308c7eb5e60eb640693e66f1a066b2f685e0d1ae79d0eed8a4f10e186c21625d0ad93846a5cefac267c9f62ef00e4b3ff6d2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2291ec88ecd7c502779e28fb39c61d0b

SHA1
6f809d2dad58beb3ee9a0e4db4dc1710aa4c41e1

SHA256
5c9b663b7ef06ccf20c986c9f3f3612d86ab9527f4e3bcaf04043b82fdb82522

SHA512
e4fbf650b0afcc5dfe352d16d45204c35edfd2f883dae792baa67527a253187a8cd3f5de90b303914b76be5248d412a71496fc145d19370f55168c28f0c303b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
975b0c4358d7607e95da9d511c1b1237

SHA1
f9a329d4546f83b7347ee9d0c1b9a9a738cf5700

SHA256
6e956ca9d4cdccd885aede03a7b7c5d8997ede60841b7f09018dcd56c14069d4

SHA512
b96ff944e8841679aafcd5113420ac483e9b97fe4b3eb822c2af809e98a7297988b8dd390e0fb6907bf980cbf883421fa6d512fe54a509701d54ad365287e6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55d3f1b9119dc9e995696c263bfd4e4d

SHA1
0664bcd2296388d6ea711b8b6694ff9313f6dfb1

SHA256
bebc90d620ac65abc094e56d590a2fac3a5f0dfbca30442159939a0251889d37

SHA512
027d293bbef5658fe1d4914be151b17604cdc9bffccac279e2e9e3ec0821090921b1738b8f4e94559c6de667f8a40527bd210735ff35ff8a21c4e355df9185a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d7bff80fdfe636ad25ef14c5902cff97

SHA1
f2968b6dd0ddfb354cc9d114267b704f66c3438b

SHA256
e71b2f2fc1cbf2c3ad48165e8e7872166d3658c5ae10b6be93276d04e8a5f476

SHA512
0b4b0e87653cb8ca38811210acddbab316c5bc26a899495ae09996beee8bb3bbd44a04d04c4c8f791618007800fb2328cfa92dc35f6d3ca4d33a5d99d290616f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6dc973f8b269af4b1aa5efee6451ef59

SHA1
f1c40c25e63d229483c5faf206516a63f93d1f01

SHA256
b23a1ece7d6650f8f269072297c84bbeabaa30c2165bdbe4f0a893d5c140d890

SHA512
45b4faaae406550d256bba4f0477985a5ea0e5214d6ac2bc584d46790346433d83b27f221c656c352a67fd27bc722f876a526cddfe61be5eb05a85fc46780c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
426bce30a6d2215da261428c0d2506a3

SHA1
9b39e23137e76db1b4ac02b072d39ba4f3b3a802

SHA256
544986fdbfc373f1e46412367ced96b04d2d95bb18525be347a550c6ede84ac6

SHA512
f5c1c6af8cfbcd8e44b87930003a56c22384c311f39d7f6a7628fea54db4d9c350476b20a7b986af1174adfebc6e8660f9b55fdc04565fee42c7cfd5b1e0a265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58120c.TMP

Filesize
203B

MD5
9e3ca3527d50fe6f9f3bc6aed388715d

SHA1
c8b0277aea0b0241e2c9c05102993c137b74170c

SHA256
78cdd0924f2b508a458cef97d826af468bbfbe5896fbc02c1d135d8698d101c7

SHA512
3f0edaf3ce2c5398787a69db049c0aad21846453d579dcc9b2adaece3b51652ddaeaa4e4f4ed3f15041125f3769e0c720aa6afb89d084fac2c2f04ee7a91279e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
2194ddd6da3af1b8c0081870e080acd2

SHA1
f659736aa840b8f738a345b4ec60674302c59ebe

SHA256
9ee03a85f9b8e05047261760a2bb0515e8be61388f3cc9c7a63d1556a666fb8b

SHA512
7cb8c2e884ab81eb28a56b06beeb6efd463b046cdd0e5134c6d49c84b3ca8ba5070da4f316d452efa07ba48b0b83d7584a07866a2ace920db12cebc6ff2b7e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
1ceaac5f5ee7c5b5b6532522a3468e16

SHA1
f46c8f05b14761ecc6af73be99e7c70ec0e136b8

SHA256
535a3d6728f3e4033fea2b7f66eda7dc96a4c9e4a18e591a7609912cfa0c6df4

SHA512
f92932d925bcf858d4c10ef2dab2f17f73593ec86d7a3b1c90cc3616046808384f0cf6e905f8cd5487af75d61e5214d79cfdb51626a7629a05d7dcbbe4444788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
56e9e0c521be184221a6268305cff190

SHA1
06555419ab78e5ae54648d31ddd9a46b09d074f0

SHA256
2d418901fd122e4348e0582e2da6cf361df30257240e07ddb80a86e80b967b1c

SHA512
4b71db41f548372be37173c12023b4acefdd1f0b180093f7e3389171466636a74bf33fd673aa444c797264c6d1853352c099db394046edb9790e4c3bd89247c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
7d1944de3e78e9d2ea1068ca6313e458

SHA1
4fa351e2cba22422c63ec81ffdb0ae79ff69b193

SHA256
2d3f12edd94fa5fd19f6155aad7ed498ab8ab0591c961d81aa9990856a6f3dc4

SHA512
3b32a967cdaa82fd1b87bf9bdf771ac0be4db27728edb6a5821e8dccaefec909f29d0ab70177c49be2b75c011b8c6fd9ca4e8fe9b2c8b4a9db7bb01906081068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
837866abae15f5d23dfb99de16d365b5

SHA1
01c3f17ff4094c2a03c1781f4f9df170314d488b

SHA256
08666a67219907ac7118a667159e273ba2d824e2b890c05e2a740a381f587a5a

SHA512
385d907e02e821945db500377e39330247f94eb5ef2b91788c1a4365eed564f53c27dbf5251fa28be5539bc88926fe08ef0e876d421a78a8f29043c45a302677

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_g3rvg3zp.3h0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
eb82b2b3b2581b86fab0e7693b8b0656

SHA1
ec6d7405488c3b44ae355b24fa678e9bf532edd2

SHA256
a159bf32033b3f5de2ba17e521a6090d9bcb51e6cfe926f3d52c86a7961a3a5a

SHA512
d64d14f4f397e502d990c18b8a7cfa0c4d6585771cc4e6b797e9e70329c69e1ac1b2f45930372253407284800fc5f3b862efb08e8f5004053568c2d1f098eb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
c2530326db4b0e47425288b50fe7144c

SHA1
ac067e80af0b4c67bf33339f9d9848c1435d18f7

SHA256
dffaf3d4f66a5156d17ec19ffed3886b260a499b6370a52b8fc7e6e804951a3f

SHA512
4e87689489a94915c67a8a98a9cd9f6835f3a010c1030e95b623f0d3582648674fdead26b11da6748770d59cbc9580699eee972b87203fc28bebbe344e0de136

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 864332.crdownload

Filesize
1126.6MB

MD5
9421feeabbbce98e9d81cac872206376

SHA1
5e983919b20090b313d557c99ce314372cb1f6de

SHA256
6753a8ba2f194842b9aed9df0c095378f56435ca8781eefabe370753f4b2ca29

SHA512
53f4786fcd95b02648cce8c67f466085ccf41d01d6317d9c05a041a296b71ecd12b19574bf2038c1b00f1cb2876907e8826bfe370dfbd0a75ba1aec492e1e16c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed.exe

Filesize
1126.6MB

MD5
9421feeabbbce98e9d81cac872206376

SHA1
5e983919b20090b313d557c99ce314372cb1f6de

SHA256
6753a8ba2f194842b9aed9df0c095378f56435ca8781eefabe370753f4b2ca29

SHA512
53f4786fcd95b02648cce8c67f466085ccf41d01d6317d9c05a041a296b71ecd12b19574bf2038c1b00f1cb2876907e8826bfe370dfbd0a75ba1aec492e1e16c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed.exe

Filesize
1126.6MB

MD5
9421feeabbbce98e9d81cac872206376

SHA1
5e983919b20090b313d557c99ce314372cb1f6de

SHA256
6753a8ba2f194842b9aed9df0c095378f56435ca8781eefabe370753f4b2ca29

SHA512
53f4786fcd95b02648cce8c67f466085ccf41d01d6317d9c05a041a296b71ecd12b19574bf2038c1b00f1cb2876907e8826bfe370dfbd0a75ba1aec492e1e16c

Download Submit
memory/1788-144-0x0000024960A60000-0x0000024960A70000-memory.dmp

Filesize
64KB

Download
memory/1788-143-0x000002497BD00000-0x000002497BD22000-memory.dmp

Filesize
136KB

Download
memory/1788-145-0x0000024960A60000-0x0000024960A70000-memory.dmp

Filesize
64KB

Download
memory/1788-133-0x0000024960A60000-0x0000024960A70000-memory.dmp

Filesize
64KB

Download
memory/4868-359-0x0000016C5D140000-0x0000016C5D289000-memory.dmp

Filesize
1.3MB

Download