55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
976s
max time network
909s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
1900	AnyDesk.exe
1900	AnyDesk.exe
4796	msedge.exe
4796	msedge.exe
4372	msedge.exe
4372	msedge.exe
3548	identity_helper.exe
3548	identity_helper.exe
1868	AnyDesk.exe
1868	AnyDesk.exe
4452	msedge.exe
4452	msedge.exe
3428	msedge.exe
3428	msedge.exe
4208	AnyDesk.exe
4208	AnyDesk.exe
3560	identity_helper.exe
3560	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
4208	AnyDesk.exe
4208	AnyDesk.exe
4208	AnyDesk.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
4208	AnyDesk.exe
4208	AnyDesk.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
4208	AnyDesk.exe
4208	AnyDesk.exe
4208	AnyDesk.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
4372	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
4208	AnyDesk.exe
4208	AnyDesk.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1900	1868	AnyDesk.exe	84
PID 1868 wrote to memory of 1900	1868	AnyDesk.exe	84
PID 1868 wrote to memory of 1900	1868	AnyDesk.exe	84
PID 1868 wrote to memory of 4208	1868	AnyDesk.exe	85
PID 1868 wrote to memory of 4208	1868	AnyDesk.exe	85
PID 1868 wrote to memory of 4208	1868	AnyDesk.exe	85
PID 4372 wrote to memory of 2580	4372	msedge.exe	94
PID 4372 wrote to memory of 2580	4372	msedge.exe	94
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 3208	4372	msedge.exe	99
PID 4372 wrote to memory of 4796	4372	msedge.exe	98
PID 4372 wrote to memory of 4796	4372	msedge.exe	98
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100
PID 4372 wrote to memory of 468	4372	msedge.exe	100

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffebd9f46f8,0x7ffebd9f4708,0x7ffebd9f4718
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,2907584164178644359,2544931740953594885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebd9f46f8,0x7ffebd9f4708,0x7ffebd9f4718
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13248895946971955248,10068568176699092408,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb061defa11529ce16968f337ad97007

SHA1
571368d6793037718072089fbf14e42d423e8070

SHA256
b943a3c88539284130821fd1699a2698e50987595e76a528ad949bb924f6beec

SHA512
bbd950231df2386239bccac6a13cec98c77d4a09dee71c4d0ac243037df4e7beba850c32e5b05099ef8e51f60692d17088bccfe4dbc01ec4dcd915bc6136fd45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
1d82cc1f25086e974929d5fb284905a6

SHA1
eee3e3fd915c0c00ed35cf19e79a30da787fc3f2

SHA256
0fbcfeb982afdbdad0d23129131bd27d9be433e985222f7c6fc498ac309c4f68

SHA512
697174422795409fabcb4eba98d3334456b7ae01d707b566a59e6cc607488f30911515bc8c63c392c276b67eef66b83246e495c5975878af1b5016c86c143a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
d5499f02e33c07a4a323f9706bc72ada

SHA1
dc037c43432ad47afab1bd863bd21f60d1cc2f8c

SHA256
1f8ab944030c279e57bc2b4eeee2f8746aa4190db462e8b48d1469e3316095e8

SHA512
32daf6a931381305c87ca5a0fce8cc12026bb9dee0be7ad305bc9ebb8e408ac1c34de71b48ebef1a6ad122be71fb5e5b020d7618bc917c215764c151a4c7ad56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
eaeb91952276b0ce1afcaf2ca327f296

SHA1
8725357f82ecd3b98e7a2ab791e7b6beb8913b7b

SHA256
97366441abfd5418ddac5ebd5d2ec756f9e1bc76605071c79024a2501877dea5

SHA512
c843a7ea84b9e50c9122c8c0dca66f54d496926d3b85945298b313455333bf423833639fe14ea7948f908b75e731ac999a6397be4c06ab7574c22e1c44044c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
028983cee2041f9989729abff9ac4087

SHA1
248597024ff922df404dbd6396336392f3d67a70

SHA256
fd5d22a3eab7348831c0116b622e538706df46ce0c1d9a494dfb2db74fc64491

SHA512
515b173654afdda60240a167c06c56e502593796d463bcaddaf5f84eed65ed7143ce4a5168943736a6c84ae1489f31a1b4ddda1d522926c8734eb68a2639e232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
953ca89a796075c7a5f27b7ceedd6d7f

SHA1
0514c18f592c5a6c8f66c380e9e092285d9b9b65

SHA256
d670ecbc41f993f202c67b3755f81b1a12cab065fb111c34a43361c1cedc1214

SHA512
1fe7298eaa96fd0356befba5b52b52d912328a84d919844f74d197b8fd593e5ce4170b550480f789e96f4e8cb48937ff2c24643332829cdcacef1de8079a9b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e363c71671fe4af1c823c2619b097657

SHA1
d777eaac7420cdd7059ec17d15aa0c19bb24625a

SHA256
6d81f51af4a31eaaf20f631144f7db0814c4a0b7461ab04437c6e675119ab702

SHA512
8f658065a97180fed519e1de767b30ee70b4ba979ed282b9e7e2f91eb9a68437631dd110d88b801724627da60da2735e3c202dea7cb486dd5ce6b7a245ac2aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a9156ab849ed67480919ada41517821

SHA1
df07d6a530be1d7ac26f9173405281af768621e1

SHA256
01b951e89b44371cc6f0d572c2f5cf8c74b4bd4f716058c765f00aa048a27caa

SHA512
3456cddab54ce830b80d64afaa113c2d77bb24cf04a5475927d24ef034c2fb4d99fb45469c8da2ff78ed87988818eae1f76ad69b7cf765589dfd23ad0240ecb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2953ec7ea6d4723e11510f6e03cd1265

SHA1
a5dd8cfc95f57a0bf4c2202cb84895c46ff12b7c

SHA256
374046dc5f7d6c27f5da7fcbfb6a603644f386f7f51ee1e86fe6d6c1d893ce15

SHA512
2cd4dfbf511791f15078c82a058d1c5c225a1aec3e07e85ab907204f5c4d4cb215e509895e3c0be3cf2a53f558b3f5c9abae49e2a608524e0af21c02852361c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d38b4aa5efa212089198400cb6d83a4

SHA1
bdd25c1360fa7c79d7be2bbe0315f1517ff2dc04

SHA256
e035de838a88b2fa7a59459ab384451913b7a38aca9200bed5ecde672987ef28

SHA512
51f831a66e73ad1d537d9c6c7dfb7859eb1fbe899e2eca9de28c49ac597913f95676810573780a2110a19f3d282fa04c48979554cdc5c1c40e3164e9c1be94b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3bd0fafdadaaad286b9e92a263d2104

SHA1
62283bb2f81c147ba925768f36410e357f81ee17

SHA256
4b95941527c6400160c0958bf94266d670d75a56bef7df9d63bf65ec15f324e8

SHA512
245985110806f565bcfc600ee9099feaa17c0f6d929c68d3d5b54690e20d5caf5eab30d15309b65b8adb9298f27f07d4b1bde41476582ed4335edb185f4bb457

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e029efe70912cf57d40d04c01776d41d

SHA1
94eba5604a8e4523d23565ac3ebcdcda4005e4eb

SHA256
57cd696aea3594a27f18b3636da302823ca687c6a326ff9ed2b578a23a96ac37

SHA512
3c380b2c1530a103030562135f9b71eb36a15c49ea96082f64f717e7045ea578ecbec2d1f53cd569d720f7e37a3c091f9bc6ff3dfecde6775658c1c51a03f01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
28d3976b4d8e7331af5c4d1cf73c4de4

SHA1
f2d207e23cbf3552f8ff8b97f549636a5a89d68e

SHA256
b029e245cd9ec79786b0949738244f3e37eb68915f9ab51e3d33db12b315d6be

SHA512
d418852493a268e4b41aecc1bbbb18906465e951ace1dcc3fd412f9c6913358db8af6ddfc3f44cfec339121b4b04e26b1f5a533b596ba4f9a4657c71669f4cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13351477164706036

Filesize
1KB

MD5
7c01e7ddb3ce68be7cf8d222a225f20f

SHA1
ec4a811336412973a1f699cb944b4cd7f5980637

SHA256
40b9ec3c08d0489ee0bbe212fce8e3d3eb85b5056c5b90c1853e37c8145a5185

SHA512
1db36b12b9470e3178d1661bae55726a184ac110bb624a8d8ee54e17f8363917a3cec59c344becbba43a6fd0ab2c1356b3cf71f1286bf1748a7215c3bb1174c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d9d5f0ffd82445235873e447b07e7e0a

SHA1
6311d8bfdec913aceb883d3ac5d67aceedf706af

SHA256
24f6a55f52888f288ccbf91ee07b31a23455830c408cab3d5834b2df209b12f4

SHA512
e880c68be15afa5341d1706cf09f96dfeed64b7728f8dcf26486bfb02f87e3aec1c3e6c19224bfacd9261d6467b714ca4e71ad3bb3df09a0e1582cec6b254e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7279d32767dece0d115496a9ee2d9c8a

SHA1
f3c217bcb5707760321a6883370bcd586bfc6c2a

SHA256
1cbe9a1973b402163867baa3e61ed5ad6963f1f1c523b36d34a73481192d2273

SHA512
c51bbb4db23f1afdf74964f00d65a423bae05fefd0619db59007249f6966b6f466e58ba55e4421fc5d0225112e64011877cd1ed3a8242f74e6e4769ad2d5adeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
325f2af2ed39b06bb0f5857b8a146dcb

SHA1
07fa0c3f7264a986cfb3ddd9a7dfb4ebfc9a571d

SHA256
5fa5ec4237c7b9241a6ec57a53a78ae3ad2cf661fd199a30baf083ff2f062f7e

SHA512
0829d61248843c8dfe5a3c96c3b583ca89c4e6b1907cd82e172096df9ad8df750b07028b5f3091e4d1edaa4938d02a694964d2bb2ecbcae0cbf939d9429f2128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2bd171bd0317cf49bed844f9685a45c

SHA1
792f78fe7991a06574036c9de1dbfb1d62dff14b

SHA256
80342ad7511903bf1416c3bef1231b54342a060bcac80c33b56852edd5914feb

SHA512
45a76c550ea09ceac8931350d5a7a808895772c007bc2e4f8263e20c410bfbd2c4cd3a47199e842c74d535f161ec6d0de5757e8479becf0a8222cfaa9ded18aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a10942188344fc27a8a3f48352b4b0d6

SHA1
007c9c3c52513261a2b2664cebbd9447adcd5bc5

SHA256
cdc35428efb4e8c7ce32aad6fc8f7c02fd176f434bc4ff9c361d5ad3f4657558

SHA512
0f562d2331c34af41b7dca3bbf7921166f3b828383e1b9da6dbd73369e65babc62177f17467ef03cc834a67bbb962a110ff80b704faf4c517e9072c7744d3c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6e2c293ee4a1965d414a6c16ad739d33

SHA1
a5ce0c82baf4c99085101f1e60484a076da2224f

SHA256
41e37458ac39dea547b6bd3d69d1dbcb07e672d22943743516de92a0961b89fc

SHA512
508074846a63c22c9945cb3117035d95f1fd423a2ca4f0e00a72bcc799389bd64b746738499f98c899dffc9a82392aede5b5cb0bb5a2bd364c076998175afd8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
74d9149374305c4c2dd13cea1f6a7f6a

SHA1
89106bc8b9a7e792951beb06e32223f28b4fbdc3

SHA256
84b5f26fdd297cc0036b76b1bf0d0574315566704d35e751154da7fcf1af88a2

SHA512
d97ea5a42aa0536766571e9815f9e7e96296fa25062e41ca4302fc96abae2df7b0c83104725ea650b85a3b6de68f4c0e09017b6db1079011772b77103068acb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
6KB

MD5
88f8ea7c1f6be7458dfa0ce24c95a6b9

SHA1
522c9c663c720c92afbccaac41732ff4a4e75745

SHA256
7d4e74d908c0666cef642292ad70ae1f247e7a2fc312ab9422ff36df4da1a343

SHA512
732452cf7383ff8a5966055f5b3b18326fb90214d2a52a3581f691160092c5ea77e71e395d3ffb8ccd95c8bc69dd42bfccd07b76022107c871ce3de1740772d0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
3caccd39f9713377d0f52339f827ce34

SHA1
2d7781d17db8eb18e493c42c051a29d6cfdc9af7

SHA256
5cf70d8193b6d1e86bf176d2361c44ca26558ae1bc2f138c65d562cd65cc09d5

SHA512
86894c5f87dc2a09239c2846ca8d42e06acf8569f8933136a2cf59075fdbd41ff254dbdcf9b6aa78fc6b6710095f670bd6b487873c61d83463e36bda9470fc47

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
84c671aaea51ed2bafa9b11cf303b2b9

SHA1
9e95e4a8aa2875fa2b83ef046fe1cd1d2db8a650

SHA256
fc6adce0b9b6016b0df51bddace02855907a61a6551a3ef8173be0d035c32fbe

SHA512
d0bd19d7aee831d48cde68de13dd4ea6bc4eb1346a0265b81a33e0a3b1d24fa1d6b9621ee4bdb54d53ad756b554511e111a5c8cfcb16597a1c375bec32cc4cc0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
1e58c149ee4c0b89dc4a8a704ac4beee

SHA1
9ce1e4cfb7aab9df48e0721fa1c4479b6585409e

SHA256
ca7e54c99ce05d9b40dba0e007721ca97dffedc806c07f7a40a86fdfaa02b453

SHA512
4a545b7512a13ee3a331274bf59eebebb1e8ad598a93f47abba0557ea5a796916f28c0c5351869666619c43534257ab64f200f49d95dbda9a174631aa5470989

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
529B

MD5
77c9c859764ab2a70fdf6a123da012f8

SHA1
754ffe27a795ef2836fa6b3177ffbf17f698e5b6

SHA256
5ccf3b2ce2f3e01e219276d0d5b8648ae0652fcedecf502156259e237e3cc939

SHA512
877e1c84a1e159f127308a86b85ddcd0b47a247fc53d93f03a36e45245dc5d1a73732381ed3864afa42e827aaffab46f83ead4526355eba21958543748f1de07

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
5a474ec95eed923c263ac4ebee5da73f

SHA1
e4327353eae124bce51d3a53dfd4bf922c09f476

SHA256
7ed65a59e307f894e27cbc1e4a06d442791160af6634e1e7b8355f9e54442008

SHA512
14a7efb3e8df68bdf9c472ada91a2916f64918a276c717b380d20a373cf8269c51cb8edc35223e9521b2b3518ccdd7f0d4e0d3d645bdca06b89e51bae7314ef4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
9b86910a4b2c1d5aa9bac05d5a1d555d

SHA1
2e3559c9db0fcc1cfb2de4331bb3de8803d4cc28

SHA256
8a5d8818fd5cae7f588abc220247be127839ce6295d3a68b261af608acfcd981

SHA512
57afa56bb29c67095cc9702c16f4b013290703c70242c9d1e9c88591097f2cf8bea355004c18de3189a0fad7f5566a092574565a948b876b3fb2a6fd9586209c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
95c467dc1657a680d6349750c9d5c8b6

SHA1
a906426635a1dfbb8969c7c2993cfc0fad914137

SHA256
dbc76bc871bf8192700a6c41169b812c089850e8f0b0425fc2f3fd4a193d2d5d

SHA512
85bb018688c410d41d2a267730757d11ba2890b854bb01f7a6c538eb6318673fa2fe7cfae0a6a711784ff966b03bf8a5e69dfd91f18ab560f964b402905d7141

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
e10c6e5b64632a649592288fbff4424a

SHA1
3d18229f433ae126094e9e283a8b923f93d1fa31

SHA256
df817994555c2b08347fc0adfb0d827e6ed025e80eca870c3a1281964220db4e

SHA512
f2f9dc9dc155a54a898e0ded8aeb66c4e66223a32d586f84a0c731fbd7f5d65332bdecc8e9abe2890a3dc11afb244bfffbb692c8887827719525903bda4d3fbb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
c48a2e7862e0a9e1217086bf04db679a

SHA1
6567bc192e17b71d4d09feb88d8910a180f0b91e

SHA256
a7511c283d674e28f1074f6353844adea1158ca6706891fb62998b15b07e4296

SHA512
686c417276316010273d3d782a85a263ef88b55c31a099bbb5c422e27f375e682907b532f15042d77f9ddbf590708e34615358f6debc49e1f39395d4673fcd97

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
4713be3cb8d30280725d0ec387c31a96

SHA1
afd7363cb3735ab45c3c1bf67f3d8683e55eda8b

SHA256
9b8745cd421b88a6a33c727361b37f73e3c1f35e0bc7b57eb829eefefb9d36e0

SHA512
675b3e9c81b45035e720812aad1de12bc92ebc9b293128085a9d68f300944c3af97aebabd9b96ed3a6bdf314ebceb38d9628e2549b891c06bba1aff00925cac0

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
5d96301efeb96711fa8e39beb93aaa91

SHA1
d69d3070fb1d575e0d9e82a65b3efa2d991b514d

SHA256
79aef336b7ba05d3dc367cd45cce70472dba42d052f4263a49d083aebcbfbf1d

SHA512
5746909b1dbbd45df073a08f1ba66ff8815fec7b2a058053421e86c34d26e906aff97fff943d9ced42bd260077139861a0347b2346e27d6708f74e96b91cbb8c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
eb17339f422cc042d8f3cb1a017e5ad1

SHA1
17c9c36a60c22333db373884c207500dc6b979a4

SHA256
77461e536c8cfb3ca6b4a427cbe90cb0ea6f17a9a41f66a615836dc67f204a57

SHA512
4c3127ce75f6348d54d31dcc33baac0a6e89124f67b971ad6d4dd37917cb2376ff8cfea56003c9168ff6ae2327ea9e6ac3e40c2c8c7ed0f3798cdc44a801b2ac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
dd023e25b1a3e9435f9ae2322a3320b2

SHA1
e5fcc7d886efd3d27d81fab4ace55527ffeb0022

SHA256
567d2e65cf87cc096682290f7c9db1bf5a04f65b91d40af8fcb8d28cdc7e85e0

SHA512
4f497c6d69103ca215eed1ae6e15c4a0522ca2c57c87d4d81c5a6dbb4a681fbc04977210dedfef6d7d549613ae6595f0bcada96db28ab74775ca3d439279995c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
17b88fe50f903ed2492eba63cf9aa33c

SHA1
b5b756e19b81a7849e4c9def368fcbb74014aa78

SHA256
0fc2644d26b39e336039a423106d8c9d74c955cc2be96c093db7a0931cf056cf

SHA512
69b8956e70f6d293b5a7c85fac5176f3107f743317dd735824de03bddb17d32fa0bc957035c87e25539f6d9258277a6cc8501a460a6f63b870e0bc5d4e23ebb3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
648c92d5c0377bc6b8455651759aeb4c

SHA1
306e788f63d8a687f27ef1017903143187680a89

SHA256
ce59e3e3b7de27e846c50aa84bfbaeefd61b0c457c2b74abb88e47a09c49e7ad

SHA512
8ad9f50950212ce0f59a0b99da48f07a3b98f7ea2a89a3d79896abf6f982eb9353ca4acb37dd3d7e0ef05fe19c63982e32c29f6d2ae209a231351622b6b89b6f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
db1c6210fa9534fbbef375f133e06b9c

SHA1
15a053f5bca20ec5f8d6ff98aa01785664c9bac0

SHA256
a34c3a0dbfef59edc3cd4e9ffda66c76a02e2036adba9398bd922ffe3b4ef989

SHA512
675ce10c4b0c4a59a7d6696c0d9c21d74aa37b10e384fb6d37c74303a2655105330fe5d3b2620adba7717f1031ab898bb80117cde5d1a6fb9b2a4352ad862a82

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
667d4b023e9ee5e3be1c8f2d420b5766

SHA1
e0b228dedbfe789f056bf3d1b7c7a36ad2fa93da

SHA256
5c7c9179ab417eeefa10386a5d1f0de8ca7db3b48e1c55e4a6326d7ba648fba6

SHA512
24dfaa3ddf6777ef9b392ad67dc095eaf65da34d98ac5da878465b3130722f306d94c6ace8af845588d1102bb9616e6adbf3f6ef9bac1c9d1c09bde629324ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
6264962f75d128edf6726bb488c889fe

SHA1
ddfea7d50c893bb8ef911cf3f99ac9d3a09f03a9

SHA256
c1d5dae2cbf339cd57bc485f1994b2d36eb5e9b6f06faef1c0e7459bfe837ab2

SHA512
a94e2404fb2d427b66fa2ed892a72d54e351bbf7ab5c991cbae51d3ee468739c6caca591024d716433d01d30c10a19994117f2b846ae393453937494a40280ee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
8aa14092fe1e4bd85af11bcb33eeefee

SHA1
183c95c972658746721ea22abbd524fc23b1b780

SHA256
374f1deea9e4c5bae54581acbc4c691c891ec303941e976ea6766854ae4ced8c

SHA512
c87ae0d52d0b5a20f9370574df81e278a76135527a462646e03b9589a15c8679258774d1c1aca5ab8cdd160e1843357e72b6eba27d1491f10ee041041f4ac779

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
e3a49c5cc737ffec54e43316d6145d5f

SHA1
d0a362cf479c40ade469edf11cb6858581ad3d0b

SHA256
b086b00c87b8f79042186d5aaceeed0ab15b35fe351d47c5c84e4228f52973f2

SHA512
da08fa73e3887277a6f4790369d3d63c415c3286cffa58123e91f869caca17c7325b3465259c64f3762a3a3d806334b01bf1bc86a030606dd939d0e350713e60

Download Submit
memory/1868-32-0x0000000005A90000-0x0000000005A91000-memory.dmp

Filesize
4KB

Download
memory/1868-31-0x0000000005A80000-0x0000000005A81000-memory.dmp

Filesize
4KB

Download
memory/1868-436-0x0000000005BB0000-0x0000000005BB1000-memory.dmp

Filesize
4KB

Download
memory/1868-435-0x0000000005B80000-0x0000000005B81000-memory.dmp

Filesize
4KB

Download
memory/1868-434-0x0000000005B90000-0x0000000005B91000-memory.dmp

Filesize
4KB

Download
memory/1868-433-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-477-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-188-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-437-0x0000000005BC0000-0x0000000005BC1000-memory.dmp

Filesize
4KB

Download
memory/1868-231-0x0000000007220000-0x0000000007221000-memory.dmp

Filesize
4KB

Download
memory/1868-0-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-11-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-77-0x0000000008060000-0x0000000008061000-memory.dmp

Filesize
4KB

Download
memory/1868-3-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/1868-98-0x0000000007210000-0x0000000007211000-memory.dmp

Filesize
4KB

Download
memory/1868-1-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1868-243-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-244-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-13-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-524-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-30-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-181-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/1900-33-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/1900-478-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/4208-34-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/4208-182-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/4208-12-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/4208-529-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/4208-525-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download
memory/4208-245-0x0000000000250000-0x0000000001987000-memory.dmp

Filesize
23.2MB

Download