d754e225d5616c22f07b6509c306e3c88d1244d9ea06481a36a1c5a8e9ff34eb

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 14:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMG_9484.jpg
Size

1.6MB
MD5

326a584f44ac0f0d6ca7a860abd3beb9
SHA1

eccde15d35f47bedf1c7a9b0c81fe16221324de7
SHA256

d754e225d5616c22f07b6509c306e3c88d1244d9ea06481a36a1c5a8e9ff34eb
SHA512

a086950eecfe070a3e8183dae713c096f82f012026042dbfc9aa891bdb5d50a529aa36e0192b9c8d8262d0518585dc233a5ecb5e996fcdd2656e39821111d48f
SSDEEP

49152:oVEAMyKt8Fh8pj5xmE3eN3lCcPESpIGPOy+VoKpRu3jfo:oVEpyKlJ5xms03llxpIw3+VRpRu3M

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
215	discord.com
213	discord.com
214	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{505DBD0B-0B15-48E2-9FFD-CCCB226B3708}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{0D8FD10A-5972-4DD8-A7E3-09D10C8AE94E}	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4956	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
4704	msedge.exe
4704	msedge.exe
3796	msedge.exe
3796	msedge.exe
468	identity_helper.exe
468	identity_helper.exe
3632	msedge.exe
3632	msedge.exe
2292	msedge.exe
2292	msedge.exe
524	identity_helper.exe
524	identity_helper.exe
556	msedge.exe
556	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4956	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4956	vlc.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
4704	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4956	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 3740	4704	msedge.exe	97
PID 4704 wrote to memory of 3740	4704	msedge.exe	97
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 4820	4704	msedge.exe	98
PID 4704 wrote to memory of 628	4704	msedge.exe	99
PID 4704 wrote to memory of 628	4704	msedge.exe	99
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100
PID 4704 wrote to memory of 3728	4704	msedge.exe	100

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_9484.jpg
1⤵
PID:2268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4488

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\OutSelect.MOD"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8a6cd46f8,0x7ff8a6cd4708,0x7ff8a6cd4718
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3688 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2432 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9392959484432461631,5297871027233745911,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a6cd46f8,0x7ff8a6cd4708,0x7ff8a6cd4718
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,16136938201744777183,6354557471460415477,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0047b6ed7e88813c9e67cb812e64e32

SHA1
41d07de6efe3af00e57325df351cfba3e9e6ed59

SHA256
a47b6c097cea1c995580c4f17838616e5f0eb6ab5c32a8b162645a4baaa69616

SHA512
60f4e8240d2be4edf2e2a6be772f0fc3f4df27c1efcc6e81f6433ac7644b5f165c90620c4dc6f563473be0d83a157498e77db6e84d2c3a5c988528a5d6bf87c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0da33a8b-b1aa-4b09-8ea0-35bfb21bc791.tmp

Filesize
8KB

MD5
e19ae7b4fb0c172bb113c83a13e6c271

SHA1
aa043eb1f985557fd1ea3d547b1e2d72a984db48

SHA256
2c69de6cc5a6e06c52e7a68c5fbae9c59e265469cd2f3a4b9860e384332a4cd7

SHA512
4243eb6ac3173a1b70afb9b2d152f84164618d5fdb811a02e028d3108c2923b82c8c80f4a0040b66db4b1e4b0f31eaa90e322d928f6a39f844fd7125c86f4cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
58b143d98ea644f5b552c3662ee93696

SHA1
e9abab8b72f4bbd995ea4bc042e4918cc1a77f1a

SHA256
a4c9decb5156023ad774838012e17d80ba354f7b6d29cf5cb907545d503c208f

SHA512
80d5937b7160b4eecd9fccc032167b29c93609668e35a3eea28ce6c2966c500a02dd2551a08f57120173c382af46df491810b663d374f4a3f47bf3afa95508f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
e3d7d2311f5267506ccf1e1b00096372

SHA1
cba31e8b4faf280b4d6f528ad3ff7cb43707e7c2

SHA256
b7b16dc9c8ac75ccbed4a35506ca5a66b2b3c2b9f92265253c9206f84c4ecd55

SHA512
023e236edd99cc8344fd9554239bde9cccc0f5258162c39ad0207a01e1a86789ad2c4fa61b61de76df24d68cace56af4f9afe7090ff1cf35e506d2a49734490f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
9eff97f1d03377090ef364421168bc61

SHA1
4963c7a84dc2870fb667cf1d3d1c152a4f2fd7e6

SHA256
65819a3467f8b3a24cc6f54567ad54af36db4fbb01c5c76e6b14c3e5831523c2

SHA512
5f7c4ed45d00430a2489bd4495835e311a8dc9c52f470af34a549060c587ec5a9b253b9b322270392a185d354ba42ee47210d681029ce9e42c0151406af61bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
fdfb3fbc125261d17a37e6c136bb05d8

SHA1
dec2d1408b0cbe1b7f1159c4ec62c1a4552912c3

SHA256
6c90e81354d160b04e0b3929c6c908037b10ec98192432b9152e565bcaf19b2c

SHA512
903412dca884ec5879e4231987c53e47b0e098f4cc5603824d69f450ebb84430d393c1e13a7fcc445c35996570dc34eeed984e6ccd078f056bfff92633cc4e2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
cedd1e2d0c9602c7d224b5bfd592a26d

SHA1
52b9a76c9b7d6db8c0a723d4f2a5efe80066757b

SHA256
d8b59e0f932ce0b24d9be553c98720009b06b1ab8d98857c40a10c85efe00f1a

SHA512
65018c7237624c7f03df2903d0e243879749812a7380f75b39a296a783488dd0857741160934ae0edfa6dc18d65d4c86f0fbaa9b26f2a21792fb8cd8268b419f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
2KB

MD5
a2f54f0aa706cea089e7bf02832b0a3f

SHA1
0f9396b11c334091e84f2436bca6f7e22096981e

SHA256
dd0191000f3e89a67300b722a6c310b4006f6799313558674904d2b579c1a400

SHA512
9683c3349626a13e13ecdd0bb7f1615ebfcd8fe06fb5eccd5261c45dbfa5dbd592fe695c541fd64d099de728a3fa4e7465c12a1b37402b1650b74371e3cff732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
445B

MD5
16ea6884c8aa46afa36b1a9c4da69602

SHA1
aea7518b119a28a5932c8acd2a297f2ab66a07f6

SHA256
0f236f2cdc3e242b563ed2ef2ad4db1e970fa38e12211447172c9bffdde04a9c

SHA512
40a4bc2ec48b904d072e0149b9b62a8e92fa03d7861205efee4a44a629e4a685c1cf8ed0883efbbdb4f187ab47617202c26817a4a991e1ee5740e8cb215a8aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
048e21b738032f1bce96cc0e29937a92

SHA1
b1d21461b426162f4e4494f2ff107e5ffdd42758

SHA256
aa421ce53a4be67a67486c1c94bb554ad531fdfe8770eb38d31da8f20f978d0d

SHA512
79a9eea9f6303aa69e5bad8faa845c6646478e778e3233b808a29aa285993fe2f3f1627219ca1e3a48bf7acb18f84bcde0b6b43c7d616fc823e6617191d7da6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3c093bdf7bc9771ced517cb4540fd886

SHA1
31a0e1722f43930e9f6d4d05b731b1d6a089348f

SHA256
2ba36338f382a77ee3f55d751ed87980f350015b530153a27c33ebf4022f9112

SHA512
5dc81931bb45be3c69ec67110f4d5995921ad18abb127b9a81c24e0beb487c2e50304b568401ea6a1436faad49dcf742f54f67916c1d513472deefe0904d13b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9e5e9adab19291869d570262e683763e

SHA1
7f7c94f0e363628bc01b38a4c746ede896a67dca

SHA256
1471afcdc385e42db2bdcd96cf7b2484e9f997af1226a076626c025638e9ba6a

SHA512
355a7682821175d90294dd77096be806034df01248425250f3720bb6f8a1154c77b4321c619f1b007213994553c6279647647af000ecee799d5cd909f7baab59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3280e646e3d3bf64ba8244c29842d015

SHA1
eeb65507a04ff5968d35753a794ec1c2f5002f5a

SHA256
ae2bbab051f7f170a066c9bdd821eb65c55396a4bb3e5ad3e5f700c866f5fb72

SHA512
a8c3bfd98016a578e242ef17ee4858b6f4d6ced2977610ea701ae067658138769768632650fa6733f86c756cf05d425d3c41a2dfb823e7ebd034c6b24ef5c821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
417f803ba1abbe5ef74175746e459d88

SHA1
3797a1d35d89d5c31faf69c28568a01c79a4367f

SHA256
771be758be6bc94576c0449d740c78754f0bd730af3ad3b3a46370a4fcee1843

SHA512
dc0e2f7cdcc2c4ea37ea072fcce2bf979fd63a4ea3e6298e26164c91ec333ea7134bac3a677466e18693d75f1b2bd3c299a5900b69a5c663ebe2a2f8e1a32fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60eb29fcc430bf9556a088014341b2ef

SHA1
5830bc5b68bcf1885f320d58a612746ebd7f6dc4

SHA256
fdd4b57e5beb52c92699fc8ceaad4d0eff463113e9c386913ea6e2923b2a1e5c

SHA512
65d454f33ba9bc378f2da680521a0dfedd9bf26bb4d193e99445f1680c324b4f97229c7402ee0552baa1e6f6f80509c9bbe05be64c452d94508bba3d24848584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
af278ec8bd60e165c11ea2b767f4ead3

SHA1
f3e7ae635c8b3a3c7b854a6f4ac23916bca9452b

SHA256
580b10ccf5d222ce0e98a165a8fdfaf019d7c177f478102cd29aba2cf75d804e

SHA512
edcfa7a7dfd8383a9719647d357abbf8e561e127b72300144c1c3a0f466ccb72eba429264a2081c0fac9a78f9338d26da2ea64074b0bc4980ba87af378f01ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
065a7ee6b0a32d44efca069ea4c3a7d4

SHA1
28b06044c174e74588a977f3f45811ed81b300d5

SHA256
736f2b77e853062e19d400499346a740575a0e7b3503a5965d43e86940f9a75c

SHA512
05f14370bd5c61f6a679b71304879f7e598a80b17e97b38fd98e66a79d9a57e853784cc5213c97d0236b3125d3766572c55e2f348640e549b5c0f214ab47442a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c95c9bbd5bdc70077af0db1cb9dea967

SHA1
beaa67c7ab09e75034266e64efdad74986a7a32b

SHA256
2650b4fb8668d479be6ff43e1d8d70059689c1a966a249b7f48bdfbb280074a3

SHA512
a66da8442d6d12a64f6978e9887ab0f03ecc91a73818935a7fa124ec570e98ff983f6fb3cb4e74d7088a1713eeec68df22fce24ba1cfb00bb76ed6997bba0084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
522B

MD5
eaed6016dbaf060c3df7cf73293e3976

SHA1
a3c6e9d82dbc2cd547a50eacfcbf59e78d9b0b0c

SHA256
0ab4473073fec1fb32afbd9b3fab713086b00b1ea96e676bd69c273568f46a2c

SHA512
b31748d608962f736d60ae724679db25c651dea8c5045219299f8d67d8855c6d2a06d9a808fddb671e2c73443d5a203b1bf6852a711380099137d2247ead6d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
2785b57b96e1a67b11d4934d240ad651

SHA1
e420b3d377d4e2985ee8db91df4fe1bfe8544d0b

SHA256
c199a776b17303ffb153102d14a3809d8a5d43eaf09fd07bb823a3815b11e1e8

SHA512
939e16a9e69e5b8410fadf0fab7fee3fd2cf2a9e9fe340e4aecb6c171fd62b826c286af71774f574bdd1f007dd35ff0a77894772fc1190375beebd56b31930ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13351270840962280

Filesize
28KB

MD5
4cc62a25bc9f99c35a24eea604acef44

SHA1
00c210ba32de320f9e4c178deb77a8a88d93ee1f

SHA256
ca0301da8b2773f0dfab16ff00d695b63740d315a4b8fa20a8f911eca3cd67a3

SHA512
b39c586c15179fb6b54fb95ac8dcb5d2359409ebd1ca2aa49b9ae10f9051c1b94c10596c07a8b20b3d6e0a350dffa20028a35cf839ae4c87fcd9b4d0de3cdac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
2523e4d9b3996b0b5ea236fc8b889826

SHA1
17d751c2fb1788db5a6cbb736652cd338e5b2dad

SHA256
79b221f8554e803bc3309e4f994e1c79d528884d98d1b3f6cfbe53e4ac4943a2

SHA512
f1d087d78f5711e4fc04528b35c2c903e2bc69063137402200584bd9c3757d9e978d546604f17cbaab807cb9c4bc0a87bfefd6a930ecab6c89235f501ed6bc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
913943fe550fdf7f5eb974533c6e0afe

SHA1
d19113f28bb0907f8013081cf292df0c6afc302e

SHA256
610bf681de932af2a2c746352e03d18c34777e5ee191406fffdba966c5e7ed68

SHA512
bae074947ceace9b1c6706e36daa9da6e63ae88009e71c71d3ac6ae8ee9e3ab73a47f0c45e0c59174dbd5d8803d228663ba60d25c7045d068ea3cc72806b5511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e6d4a1c5fb434a97e52d28d9c7b1348b

SHA1
4cc5c94521570070ac65cebc91a4c3cc8e208dde

SHA256
3968d6d84dc7ccf1d3362f6041c50e68dcb8709d5c07e04d23e707e5aaac6192

SHA512
56d9dd71da9432fffea220c6668a6c71fcf134640edc930ab96853b26aa53a4e70b07b732c0a2a6ea29e65fa2d6dcab5394393848a1fa1f79734d72d79530941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34af127d1b2cfd4976dbcc70e4dbce47

SHA1
9c28a619881fa8847d360777b696608a8783b188

SHA256
efcd2e431e24afde529b2d5840a088cd136a77a9dc3195780219870a2fbb8f0d

SHA512
64109f7c6958f5571670e728d84d2cc47878e7d61ff7e79746a7a7263dae94fa4189b51b759fcf517415f24e9d0f98ab24a624b8840eadba1353faec4a899e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58fd66.TMP

Filesize
1KB

MD5
8761a14e2821dee280bee587ff7bf3c5

SHA1
1ef2018c08add92a4adf234006ea7dea8b481f30

SHA256
ebae92c867b0c4651754ea19130162c30864cfabb3aeda6090b622ec696ea711

SHA512
d3d4c6366fdffc674611ff6610d2e8317d9c0af31d6ec8ffc0f6d1f633321a06ceceaa28c98c692125be906fbe6aa8d63b4d6db205cc44ac50d616316fabb56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
be9fe5bfffdaa51efd78fb1a7553bee4

SHA1
c753e785e94f70aaf92594f0a275eb716182f676

SHA256
96e2937da4bb6edd2fed2d25e11d5b00ca35e930d9fad5a47b74af310a07990e

SHA512
217e0471080ace949d5d9d124805c50977f2c5fd11c49f4ffdf92a9fccf2b1ba8fbec2d0ca29823320ff1f7a254bfac69c5a822f5867dc40cc0591a0e06e34fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
682da57f70113c1abbae49248c1300ac

SHA1
24e005f440bcc1a6c7a0f11c3c8609e1deaedebf

SHA256
6c6db5c6d04619a908d69aa593ff22ec9b48614f0585eca77871b79b4e1be769

SHA512
aa593f8bf60731d1299185a65535b2b00db39f9e623765967cf7b921f2b30932ce40b8181a20392f4729511f852c6379c27f8429ab0e05a7078f52112df7a246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.0MB

MD5
f4a26a51fabc684057ab3942038281bf

SHA1
ee93f852af0b7bf03d082bcf7f85b85676c472b8

SHA256
57a55ec3e86248e18009371679fcfce7dd194490e283adc9dfc61189ad8500d2

SHA512
f171aaade454dc9db4902b1975b773ab2f6944d7af4d41a48f2336e8b8f05d4e85aaabe5c2d71b63554ccfdf9f5ac20703ac96cafbd272e2d3cd81a2dc4f3277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
120fd93495ab948f4529f30335ca3c11

SHA1
ff2397ac0148c7fd04a101e9ee8f451526cfecd1

SHA256
c52ee3912090a5cd53e533e65b8f439f55aef1faecde4b4e683e04fa5d1ba038

SHA512
be4cb24515f74016ee9d1faae9d1760240ca4fdbb5bb14519fef245195ba87a00c5f28836c415b3475ce349d9107d7d6f0fc481eb2e7a56e9c9cb498a915a279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
b85dbe8ae878ed376c9e57b1fc48b87a

SHA1
1e90503e99bfe2ab54bf9ac85cae46f41ee87e48

SHA256
a711e1b5ae6c5f96f09bf8dff5faf2cabca569aa676dff93b450f814c308b6ad

SHA512
4715f5ab967f57175dd1b65308e87eeb3f82f2c530bdc616b35439866e101f6f53486c0466fddd3db046ff51d36a5f8c2fd40b4592e50754a9f6d0e0fe484a54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
6aa310c69f21450110b378423f0fe33a

SHA1
35900a669ada31f222143f9bb357d9a80afa8ef4

SHA256
dd04bc03f6cd34295fad2e34452d0bd227ccda35d4dd5402f8b686b62caf8799

SHA512
4b5d846d4ae0efa2e11c592b0464e78363c00232f34a58a4a52e2c18891d111d3ff42be52e2bc98f0bb6eb98cbb543cc233e24e7744f5bb3dc00ca1b3bebc6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
feed3e38ab4921434e4459b73ab8c912

SHA1
87f2e5a1601a3d291f2c2047418dbe3aeec7d694

SHA256
79d5833c42c8af6e525c34b778dda4c4ca69cb561180590c2f2fa4cce4adfb91

SHA512
8da760ed43a8ad2b6d45fd6456632210a837c6702a085ffb6818533ee8fe11987221bcfb7b92a9389ee5f11f70607cfed81f202a4f82d09c5f4678649e0aabca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0a67f1d30ea3e31d594f4055876e7429

SHA1
483df4aab391557ab288ad1a530eef4f3276f72e

SHA256
80836f0090f2601c19c947936cd22814e985d90ee5fcaa302228149931ed06e4

SHA512
91be49847935dc41fa68f46a51bf87ca53b1bb11ccda15ed73fa544ba0edf6fcf23fd09eacf56fa3765fc57b697f0df146d57cc4bdb955e14f99d18ccdfaf91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a6426c8b4832e1d0257467619889ffa0

SHA1
b67e66a6e300b6727cfe38adec9bdfba8c2af6f6

SHA256
7298a3d01159d73da51db85842292fbb1672939a957a38669cc1905ad7470b93

SHA512
2e0272278a4bf4ef25988056682257f6bb642897b8781f6a1bca8b57b658a719da64cdce84ff0e6ceabe7e9b216832f8a62d98e384944a7890242f992de18cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
fae5f014711629e345eabed2cc033750

SHA1
49a18cbd7e7e0a2618c392216802452298546ed0

SHA256
4cad2924f53d6dbcf04901b66617092e019b007e146b36c6103fbffd03171fcd

SHA512
02aed5817a374c677b305d52eba478e044d5a04a8f27fa83c485a106f47aae79ef41d62f72b171808e5845fef10ed141851814b49251ab932bd5cc30ba83be8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
16KB

MD5
4f266f64fc9e994218c691330c110324

SHA1
090e289f1a3116c5b910096b6a3c547b17ec379a

SHA256
e364e0070932b804a071aafde0420dd191d2ae98934e594c3c0cc6bd701c6bb7

SHA512
b754247795429911e995852562c3071db8443b2bba80d1bbf0581a59ba74506d2dd986f63dc5274ccf47a542cbd4433a182882bd1b3a28ce7c8cfaaacc4f5e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
16KB

MD5
2ac0e9550a06af37db2959aabfc084e2

SHA1
1949433519c9d587f66d317018a2fb2538973df9

SHA256
f077596d48d72f781d8dec4803c6b360e0a6d193758952e70a8a42f309595d91

SHA512
cc943996eb97d1f64408d9c66290e65d7ca499d318cde1492afe46e461964fba97b3c01bd884e23b63870e3808682f981345de7eced62025ca2be58d5d82a43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
405b08106cc4159110b2a832b19aa2b1

SHA1
1ed7b3545d56fc0b6d210a38f06e608326838091

SHA256
962f2b2e70c68dabf52a0b831f1b5e15208e855c057914f3df7e8d5c36113c20

SHA512
28b95307fd9ca441faa33fa3725a6772957f7f15406c05c49b5bd4a4ab3ae26c43ab1f746b6cfe1a113072a0f38bf48c45a2ef6ae53c8a593a9ac6083c97b459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58380857e7a904d2655bbfd9eaab2a73

SHA1
043b630ba256d6fd9b32106317fafb6c4a86d64e

SHA256
b7864db37ee371b67d51f5c6880ff2926861007b5c700159a1c3ea20de0b5b57

SHA512
e1629e58e552b2023f4ee28e8fcf011e60a55bdd4f0a776790b83b019f01e538d4c279f1ec1a1021baf89db237c24626e2ab4216979a2b48162298a6ed719e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2a055cddac0bc5f9f08228a3a0754039

SHA1
936c12263aca14e6dd85ed4382a10fedaf37a08a

SHA256
b4ac368361f7d9b60c03f91b4dab0dca4998bf9ec8930de91a562992ba2fc098

SHA512
e4b47e91b5ed0352f25e511c53b8fc915c6014b20fb678ad445e36f8b2e4e7e8a4f413bd1af3ebc178d745c1367aaa7a55bc29b2e1b4828629523ca35b2c8c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dccd77f9659bf4082b60b139db96e082

SHA1
91e86e523e8d71273b90166105ed163bc5f8f3cb

SHA256
3d6d50705a97da18e96b8302f5f95075eb85c5770e68d8013fd4352c7be2e742

SHA512
0ca888034d9ff32979e5239e77218a70eb96f86d26d64731e8a830ccaa2f65dcd87c8d1d51a3bb2a5e63c5ce22ff78503ebb2627334cb4113c5ebdf3e0ffe726

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
74B

MD5
d8e5b306f7549700452df435891717b8

SHA1
5e103f4bcc44db6da48c9d67d7d03ac5725a32e1

SHA256
11590b01fd735ebad9d055299282542fb1aaa42bd510d634e62e281d7cd7d850

SHA512
5ed2059a5b526241111073d5b1d66ad7815518f0a8c083da9928ade8a82a3670e08e3c337b1b802f6301f180eb5f5042433d54962cceac04b42cad26380e0142

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
ce4f2538b1914eb919ffcee6e8c2b372

SHA1
b56b3f60329b68731c0b64758a03406bb965532e

SHA256
852a9d5c04a22ebe7b310a9b93f0b792aa6fb66a043fa1d8e9b642fa0cd034e8

SHA512
d6213a46688368a46ad2f7191b69aed1788e4ce99da39ffa4e0a738b8683f80c85b881ce400b54dd90bb5cb8e24fcab2783bcf85ebc5d4c918556516c0691c1d

Download Submit
memory/4956-45-0x00007FF8A4BF0000-0x00007FF8A4C11000-memory.dmp

Filesize
132KB

Download
memory/4956-44-0x00007FF8A4C20000-0x00007FF8A4C32000-memory.dmp

Filesize
72KB

Download
memory/4956-74-0x00007FF8A4030000-0x00007FF8A4042000-memory.dmp

Filesize
72KB

Download
memory/4956-73-0x00007FF8A4050000-0x00007FF8A4061000-memory.dmp

Filesize
68KB

Download
memory/4956-72-0x00007FF8A4070000-0x00007FF8A4081000-memory.dmp

Filesize
68KB

Download
memory/4956-71-0x00007FF8A4090000-0x00007FF8A40A1000-memory.dmp

Filesize
68KB

Download
memory/4956-70-0x00007FF8A40B0000-0x00007FF8A41B2000-memory.dmp

Filesize
1.0MB

Download
memory/4956-69-0x00007FF8A41C0000-0x00007FF8A41D1000-memory.dmp

Filesize
68KB

Download
memory/4956-68-0x00007FF8A41E0000-0x00007FF8A427F000-memory.dmp

Filesize
636KB

Download
memory/4956-60-0x00007FF8A43E0000-0x00007FF8A44F2000-memory.dmp

Filesize
1.1MB

Download
memory/4956-77-0x00007FF8A3FC0000-0x00007FF8A3FE9000-memory.dmp

Filesize
164KB

Download
memory/4956-78-0x00007FF8A3FA0000-0x00007FF8A3FB2000-memory.dmp

Filesize
72KB

Download
memory/4956-79-0x00007FF8A3F80000-0x00007FF8A3F91000-memory.dmp

Filesize
68KB

Download
memory/4956-80-0x00007FF8A3F60000-0x00007FF8A3F71000-memory.dmp

Filesize
68KB

Download
memory/4956-75-0x00007FF8A4010000-0x00007FF8A4028000-memory.dmp

Filesize
96KB

Download
memory/4956-61-0x00007FF8A43A0000-0x00007FF8A43D5000-memory.dmp

Filesize
212KB

Download
memory/4956-64-0x00007FF8A42E0000-0x00007FF8A4341000-memory.dmp

Filesize
388KB

Download
memory/4956-65-0x00007FF8A42C0000-0x00007FF8A42D1000-memory.dmp

Filesize
68KB

Download
memory/4956-66-0x00007FF8A42A0000-0x00007FF8A42B2000-memory.dmp

Filesize
72KB

Download
memory/4956-67-0x00007FF8A4280000-0x00007FF8A4293000-memory.dmp

Filesize
76KB

Download
memory/4956-62-0x00007FF8A4370000-0x00007FF8A4395000-memory.dmp

Filesize
148KB

Download
memory/4956-63-0x00007FF8A4350000-0x00007FF8A4361000-memory.dmp

Filesize
68KB

Download
memory/4956-59-0x00007FF8A4500000-0x00007FF8A4731000-memory.dmp

Filesize
2.2MB

Download
memory/4956-54-0x00007FF8A4880000-0x00007FF8A4A32000-memory.dmp

Filesize
1.7MB

Download
memory/4956-58-0x00007FF8A4740000-0x00007FF8A4752000-memory.dmp

Filesize
72KB

Download
memory/4956-57-0x00007FF8A4760000-0x00007FF8A47F7000-memory.dmp

Filesize
604KB

Download
memory/4956-55-0x00007FF8A4820000-0x00007FF8A487C000-memory.dmp

Filesize
368KB

Download
memory/4956-56-0x00007FF8A4800000-0x00007FF8A4811000-memory.dmp

Filesize
68KB

Download
memory/4956-32-0x00007FF8A4EA0000-0x00007FF8A4EB8000-memory.dmp

Filesize
96KB

Download
memory/4956-35-0x00007FF8A4D90000-0x00007FF8A4DFF000-memory.dmp

Filesize
444KB

Download
memory/4956-53-0x00007FF8A4A40000-0x00007FF8A4A6C000-memory.dmp

Filesize
176KB

Download
memory/4956-76-0x00007FF8A3FF0000-0x00007FF8A4006000-memory.dmp

Filesize
88KB

Download
memory/4956-52-0x00007FF8A4A70000-0x00007FF8A4BAB000-memory.dmp

Filesize
1.2MB

Download
memory/4956-51-0x00007FF8A4BB0000-0x00007FF8A4BC2000-memory.dmp

Filesize
72KB

Download
memory/4956-50-0x00007FF8A4BD0000-0x00007FF8A4BE3000-memory.dmp

Filesize
76KB

Download
memory/4956-12-0x00007FF7D7430000-0x00007FF7D7528000-memory.dmp

Filesize
992KB

Download
memory/4956-39-0x00007FF8A4CB0000-0x00007FF8A4CD4000-memory.dmp

Filesize
144KB

Download
memory/4956-43-0x00007FF8A4C40000-0x00007FF8A4C51000-memory.dmp

Filesize
68KB

Download
memory/4956-41-0x00007FF8A4C60000-0x00007FF8A4C83000-memory.dmp

Filesize
140KB

Download
memory/4956-40-0x00007FF8A4C90000-0x00007FF8A4CA7000-memory.dmp

Filesize
92KB

Download
memory/4956-38-0x00007FF8A4CE0000-0x00007FF8A4D08000-memory.dmp

Filesize
160KB

Download
memory/4956-36-0x00007FF8A4D70000-0x00007FF8A4D81000-memory.dmp

Filesize
68KB

Download
memory/4956-37-0x00007FF8A4D10000-0x00007FF8A4D66000-memory.dmp

Filesize
344KB

Download
memory/4956-34-0x00007FF8A4E00000-0x00007FF8A4E67000-memory.dmp

Filesize
412KB

Download
memory/4956-33-0x00007FF8A4E70000-0x00007FF8A4EA0000-memory.dmp

Filesize
192KB

Download
memory/4956-31-0x00007FF8A4EC0000-0x00007FF8A4ED1000-memory.dmp

Filesize
68KB

Download
memory/4956-30-0x00007FF8A4EE0000-0x00007FF8A4EFB000-memory.dmp

Filesize
108KB

Download
memory/4956-29-0x00007FF8A4F00000-0x00007FF8A4F11000-memory.dmp

Filesize
68KB

Download
memory/4956-28-0x00007FF8A4F20000-0x00007FF8A4F31000-memory.dmp

Filesize
68KB

Download
memory/4956-26-0x00007FF8A4F60000-0x00007FF8A4F78000-memory.dmp

Filesize
96KB

Download
memory/4956-27-0x00007FF8A4F40000-0x00007FF8A4F51000-memory.dmp

Filesize
68KB

Download
memory/4956-25-0x00007FF8A78B0000-0x00007FF8A78D1000-memory.dmp

Filesize
132KB

Download
memory/4956-24-0x00007FF8A4F80000-0x00007FF8A602B000-memory.dmp

Filesize
16.7MB

Download
memory/4956-23-0x00007FF8A6030000-0x00007FF8A606F000-memory.dmp

Filesize
252KB

Download
memory/4956-22-0x00007FF8A6070000-0x00007FF8A6270000-memory.dmp

Filesize
2.0MB

Download
memory/4956-21-0x00007FF8A78E0000-0x00007FF8A78F1000-memory.dmp

Filesize
68KB

Download
memory/4956-20-0x00007FF8A8940000-0x00007FF8A895D000-memory.dmp

Filesize
116KB

Download
memory/4956-19-0x00007FF8AE620000-0x00007FF8AE631000-memory.dmp

Filesize
68KB

Download
memory/4956-18-0x00007FF8B3390000-0x00007FF8B33A7000-memory.dmp

Filesize
92KB

Download
memory/4956-17-0x00007FF8B68C0000-0x00007FF8B68D1000-memory.dmp

Filesize
68KB

Download
memory/4956-16-0x00007FF8B6D00000-0x00007FF8B6D17000-memory.dmp

Filesize
92KB

Download
memory/4956-15-0x00007FF8B7270000-0x00007FF8B7288000-memory.dmp

Filesize
96KB

Download
memory/4956-14-0x00007FF8A6A30000-0x00007FF8A6CE4000-memory.dmp

Filesize
2.7MB

Download
memory/4956-13-0x00007FF8B7490000-0x00007FF8B74C4000-memory.dmp

Filesize
208KB

Download