f0a8e42a481ab22db1aa9299045a857b41f3d916440e5399e542052356d94a8e

Resubmissions

15-02-2024 20:59

240215-zszekagc5v 10

15-02-2024 20:56

240215-zq1jvagh53 6

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
15-02-2024 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

V.docx
Size

6KB
MD5

171f53d37a70eeaeeb5a9338afe3b320
SHA1

14d5d03abf1e54145ff2710e304bb3024f1d812e
SHA256

f0a8e42a481ab22db1aa9299045a857b41f3d916440e5399e542052356d94a8e
SHA512

16a8879fb796dc6ba1f730345ca18c732d9ffce2b9458e358a5cc861249eb031271818353df992eb861d95674456e08bcd9912c6cfaf04037d9a1ae421dfe6e8
SSDEEP

96:SxMTwP5dVjNrRRFPg7Z3RqXRKTLSQojwRBbaQPWnIwa0G5Zc7+7yRf+l5Ra6:wkIVj3Ru3tL/sg8xFc67+7yR6h

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	camo.githubusercontent.com
32	raw.githubusercontent.com
50	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2567984660-2719943099-2683635618-1000\{04DA5360-A507-4C25-B332-23DD8A3A4D6E}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4624	WINWORD.EXE
4624	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1172	msedge.exe
1172	msedge.exe
4836	msedge.exe
4836	msedge.exe
3860	msedge.exe
3860	msedge.exe
2448	msedge.exe
2448	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1652	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE
4624	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3256	4836	msedge.exe	83
PID 4836 wrote to memory of 3256	4836	msedge.exe	83
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 3200	4836	msedge.exe	85
PID 4836 wrote to memory of 1172	4836	msedge.exe	84
PID 4836 wrote to memory of 1172	4836	msedge.exe	84
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86
PID 4836 wrote to memory of 3144	4836	msedge.exe	86

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\V.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe4,0x110,0x7ffa8e3c3cb8,0x7ffa8e3c3cc8,0x7ffa8e3c3cd8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4832 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1836,15580512733182619259,2821915363062589071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1840

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
1⤵
PID:3300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
368050b8871b73c9795073699d26799e

SHA1
25763dbb7bb4e3d7d496a62ce258af48972d07d0

SHA256
a7d614217a4ce6ee94718785055d9d22243625328e7ccdff3092e69487d7da91

SHA512
d02abb37e225b0c40d256bea702be1c1bbb8062d404e9941baa3c87525dcf88fbe57b0cdcb9cbf28df6687eeeac32c7a1908567907ac2a0f19798eed33a32a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
07917e07d6e233b89f4d254dd612aa8d

SHA1
1a4d73470c380be3f01eef133bdb4df32facae85

SHA256
9d4c742ace35aaf98b2824219398d0f433ffdd8eb3337892474f08828ddc4b7f

SHA512
79dc109b9d39e4dc89058080498aa80334ec5c3340dbd556d8a39a30c779dcae2cf405106999c2a5b7883126996dd1c72d94479eb52aaad7e69a9e98c2461c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
668bb9ae4596b1f0b35290a0ae342e6a

SHA1
1f9f15d0b2748075fb0368a3884ca5fdfc191f7f

SHA256
67a21c31e804086894bf6bc6e254c312b2137e0ed1b9c13e4644d1b67d61f648

SHA512
2c75224a6c86de089bf9b8bdc5d6e58f44c1131532abee304052b3a156be124a35a2b320c712a26f7d778604a9b1fdbdb674c51c5543e44ea9a91a6f7144c892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
853B

MD5
3bcd2f34c06df85b833a8c9465031b1b

SHA1
8c16dcc126698f929b01d77b5fb51d9fe5a9863d

SHA256
b64a3bae20f34a996f2810f9e0aca7d008ea955cdb316f05fac060dd5e06fb33

SHA512
690fbf1f6a40c497ae59d9e4ee5d0d6d3563fe03131b9bd6643981883995e6dd5c89565b42ba273c83ab34de5995c1553f9d646a9366524b3858ad7cc013f523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6782f8008d7f15ac55b501d401a97211

SHA1
983b33f6d1cbd9003f7061fc15c53cb902522422

SHA256
4623f7b97503977468f6466152103136791fafc055493728bded5e24c5cf130c

SHA512
7ab6e4047a9f3168ae6473a60609d109e91295a88bb59573e910b3a19b80e6f625f8c3db346bfe23614743a7536c8c690baff11ddb79e52d51d5517cb990c181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
768cbe446703e7b0b46b2fb45f07e308

SHA1
5754c778fc91110e69042065865772aa1f5e838a

SHA256
3f94ba4c3262afd703a404e39dbd290c2f17832358fc52a3975091cb00e1aee3

SHA512
d20c6eff3d72338a69f9dc677b3f71f1089aa4b3e73c91c8eb77ef4b4b3bec1542a87024aefd22c8d3eef550a42d3bd152a89aa536e9b2114f98231a3b652e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73c03a25d99d11971181ab6e016db386

SHA1
386908832108fe50def6300b0d3131b1ffea3c7b

SHA256
478117de680bc5929d3be08d7025345e8e88cb3db6a2a8748fe73124dade2c22

SHA512
40454727f24f41e52191b605e11124b79b0955973fbbc46f214b43ea741f3d472855fbd2106f8d5ed0f6f15170157d148f2341ec40e634a4446d8b487e4099e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d28bddb1b6f7466a59c2568e9e8f0c90

SHA1
a782becf3354d6b6e7cbb5b23f217d15626eb725

SHA256
9ebbfb94720a35cae09c7e226fbfef8fbdbb18dbd767feae4d6c0020b817d9d5

SHA512
f98507157720c0bd365789135b0a992321eb0ba6eb5f838ddd102f49457eca2d6512978ab353ecf9baefaa7d8b5df9bf03fcf976365c2ae69fcaaf7aaaab4a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
af91edf5fc2ad595222c63a266ce3e4c

SHA1
08904347dfb510205173a17972da763af5e75759

SHA256
7b207ff59122e9a1425afae3896f1cbc7841fe6990003f19dbacdb528fbc655c

SHA512
af059a70b98f983e912c2b202fb5a132dd0ee2594a71872f3a221d7205e7a9b2b8480da2d7f4c8d8773801948678ee450a1726e04b1a83ac4281971781699cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df0c4f5083567f884edb09ebf5264226

SHA1
64ba842aaa0e8b19e4b395e56a5490bfce4cf3c3

SHA256
9176885df35215340e03103f661ffd13a1bb6fc9eaa9066e07ea769be5743b54

SHA512
9108578ba103493c78b15b365e11c1d800b3e28ab576e5fba77b907af03b3376fa4e67a2985eb0da5318823c9881dce76cbf689ea0e21c2330d896c1857ebef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d76a8750cfd03839df203ac6dc1e77d

SHA1
ad034cc21f7fb64a38185a41ec941ef9282d3a1a

SHA256
60b6b452463c5aa0cedfa376cccd4a7a4faf71cd81284edd0e1e5929c92d0502

SHA512
8c638f3e97f5846f039697423731dca3101cf2b5a5a59fd761f1f75e6ecc3f2b773eab1708a76883e761b236b9302bc966b2de11e9e4e07e039bcddd5714663d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
569bd036a148467ed6930cc5f3fc58d3

SHA1
c0fc9c56524e75802fef6e05434994df323c54ae

SHA256
eabd4b60e2bbf97188fbd62970ad9f1685eb9e245b1cba0f36db462d10e075a0

SHA512
414cef89f9773993d8afc51e4ee802df774ae19f0c858e2316ffc837880f127f02a7fa42fb7dc01031883eca2e2e2525452c6875851d96e69bbd2ff0a4c6224d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f2ff56d169bb588876c3ab082e52a566

SHA1
70a1873c7193bcddb3fc93780663dce1d362437b

SHA256
734f83b32681996cdf1331ff215f754c4eedb4f0c31d4fbd864a321c260bad02

SHA512
d0a2a0ea8403be5ff02930894efb03155cf5cab53dd937782530c38ee060a7420e8ddfbcfa033ef4ac31b8d0d3905c48fcc4069182676f04132ed5f39f3133a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09a097979395e210ef3579c2cfbfdf27

SHA1
855697d2131be5ddcbe4b7ab434620171a4bf5e7

SHA256
c422bacd66e5e127e9e125f2f43681f4a340e70e21eb0ec3169b50f4dcffbd77

SHA512
ecb60fe89fc4ebec8aef65d6af9622f49db5d81fa77249dbdda40c3c5cf50cfe2217c38c6cc78a82e27d1d33ab6e2bc04465fb65c08293c99d306ace79c8ae41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0993678ce76fbabb56c705359da2db00

SHA1
83a51ff10a7eeccd8e748322b8ef20d77e668c47

SHA256
b26e5da60cea9478aac829332be954d68f8a3d09664c4fb4e53f0775cdf0b548

SHA512
3f549963bcdc9d1b187199578a59c498e9df0514b335999161f644555f8936e0fbea389610acb7182e4bdc111bdfe056469b1bea4c2a60c169436e175d553eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d1759a07ed0d418594219c15271955c

SHA1
3dde248c664c34a2996b6108ac44f641701d77cc

SHA256
c6eb626386d99ab30d03cc9bb16cdb95c2f02362dffc30609393365d61fb9583

SHA512
ac99916e05a14938b048848254f50ed1e87a66fce902470ef5838dc1b58bc8cd87ad0c1897a0297f9931bf4e0ae63b7c276c2898db40ebf389291850eb00af3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dfcff8f9ff8c40c81e6e2b02dca426e6

SHA1
a7758732a4ed52034470097a880c3bbbe46ddba9

SHA256
df5567b1e33e0006522eac501ff0e8156c1d03a58248c5dd2842e4736ecf1962

SHA512
fadf117409a57d0d78dad289d9667dcd493058b134c40cdffca89536391094ad68709d1dd5f011974f63cfaed048e99aeaaad702e82e767389b6d84188a83f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6ed680157e0e8b40bc9da77c24470a6

SHA1
15efef2f4506b6b054e80328be090a1b9d5ca9c0

SHA256
898e19d56fd714a68977d6a4e2c1715837ee6ba78c5e28291b63e8d3ab1870ed

SHA512
13665eecdfb0854ba30d61cd256474cfcab4ccada19fa16eb0c0c3f1887583463f2cbab98f2dafa8cd0ead72031a5bdfde407a021b1ef833788d6033744057d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8654c3bb0ffde886035e225834923fe0

SHA1
ee27634e46591db3392b08e0aeb56edc8015b19b

SHA256
12c267b678632844963c92b539feef1b52b112e42ee14ceaf5ac5f188b13c979

SHA512
8863d2ce05eb01de5e3582e8158ae446830c675d3c1d0d67c2b4db0eca82f851cc2e18c585615fc8efa4276b4ad5020024c38603b83dc6d4d4974f68c8a3d902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bb7cac4d705006d72c88e4471a96e87

SHA1
6f7ef9d4b2ad9ed3c5d1d8af2f5e9d728808c7c6

SHA256
c12456d0e6e5c09fc24d505ce32fe132461c167ed89a9e898b7c99537179b11d

SHA512
9365d4852edf092cb1025f72d06a5d58ef4c20f0272cd2f1eeb1e0c60ccecb5dc8b235f49be7c8f43cfb4124f7b7bec39efc875718957e9a9dbd73763670210f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1119c45e6bf500513620633d76c8edfd

SHA1
092b9b94a47313ffac11afbcfc4c4f93a6b2f775

SHA256
638b19d36148786c267b82854bf54fc29a5e5173e7d176405e84e5ae7cf24c16

SHA512
b93501617fdf87de4b08c49c1ae24e86742ee457ff9837dcf684996ff2e080e4a7b5bb7a87af91c10802bb09027b42abc68fd9205c5361c9e0cc58697e3dcc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d97.TMP

Filesize
1KB

MD5
1bab6b3eddb7feff9ecca85d3d12a336

SHA1
a10960e22babbc888e595ecbc14d05630e643871

SHA256
16909d4671433c81632093ffadee78f5fa1b797acf3336886417cd2ed1107930

SHA512
7b18abbef0e4f7e2ebb4c543380b5a9a820cb6f00028c7987e3b5808ee4ba583c43c9edcc3a4790f100e2993c3442692ce4958d5ac3bb0a1ec0066f9f34f003b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
87c61ff76f1716c4ce10d14a60d5450d

SHA1
70114320ee3f5823cd6679c4eb7df3c25495995c

SHA256
708ad5a90b3c3cbfd4f7f1489bfe50ce55864923baed6ade29e7e54479736f74

SHA512
629cec1549cb57b9524468e04faabad558536edcaed38b912ba8084f37b796228d60597e51895ef2144a949b0108f977812c8db7a9ff5e0f18cd598484e869c8

Download Submit
C:\Users\Admin\Downloads\BadRabbit.zip

Filesize
393KB

MD5
61da9939db42e2c3007ece3f163e2d06

SHA1
4bd7e9098de61adecc1bdbd1a01490994d1905fb

SHA256
ea8ccb8b5ec36195af831001b3cc46caedfc61a6194e2568901e7685c57ceefa

SHA512
14d0bc14a10e5bd8022e7ab4a80f98600f84754c2c80e22a8e3d9f9555dde5bad056d925576b29fc1a37e73c6ebca693687b47317a469a7dfdc4ab0f3d97a63e

Download Submit
C:\Users\Admin\Downloads\BadRabbit.zip:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/4624-12-0x00007FFA758B0000-0x00007FFA758C0000-memory.dmp

Filesize
64KB

Download
memory/4624-17-0x00007FFA758B0000-0x00007FFA758C0000-memory.dmp

Filesize
64KB

Download
memory/4624-329-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-247-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-14-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-18-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-15-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-13-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-10-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-16-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-0-0x00007FFA77E50000-0x00007FFA77E60000-memory.dmp

Filesize
64KB

Download
memory/4624-9-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-5-0x00007FFA77E50000-0x00007FFA77E60000-memory.dmp

Filesize
64KB

Download
memory/4624-11-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-8-0x00007FFA77E50000-0x00007FFA77E60000-memory.dmp

Filesize
64KB

Download
memory/4624-7-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-6-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-4-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-3-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-2-0x00007FFA77E50000-0x00007FFA77E60000-memory.dmp

Filesize
64KB

Download
memory/4624-26-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-1-0x00007FFA77E50000-0x00007FFA77E60000-memory.dmp

Filesize
64KB

Download
memory/4624-24-0x00007FFAB68A0000-0x00007FFAB695D000-memory.dmp

Filesize
756KB

Download
memory/4624-23-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-21-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-20-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download
memory/4624-19-0x00007FFAB7DC0000-0x00007FFAB7FC9000-memory.dmp

Filesize
2.0MB

Download