61d76bce21ca5107eac1b40aa13dee84268887692f97d0f8335f51848b735503

Resubmissions

19/02/2024, 03:55

240219-egr6wshd5z 8

19/02/2024, 03:52

240219-ee2ybahd4t 6

19/02/2024, 03:48

240219-ec5leshd2s 4

Analysis

max time kernel
1726s
max time network
1705s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 03:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

M1.rtf
Size

479B
MD5

46b0d9404ff94d8f45cd7ec8ee925db7
SHA1

5f6c5ef584cf794a62741208f8a785b73f651ca9
SHA256

61d76bce21ca5107eac1b40aa13dee84268887692f97d0f8335f51848b735503
SHA512

dd174447f41b3131e5a89932787234ca078510fa4b753450de80d556b74dff387e567a19e1a320ddad0e65a903f028aa6e6daa45021dfba48468711ab10bd492

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2836	WinNuke.98.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	raw.githubusercontent.com
45	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1002246581-1510179080-2205450789-1000\{BAC25383-8E01-4511-A247-9B79E7D372C9}	msedge.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 360613.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 451097.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 581014.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Walker.com:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3688	WINWORD.EXE
3688	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4324	msedge.exe
4324	msedge.exe
3124	msedge.exe
3124	msedge.exe
3040	msedge.exe
3040	msedge.exe
2208	identity_helper.exe
2208	identity_helper.exe
4504	msedge.exe
4504	msedge.exe
572	msedge.exe
572	msedge.exe
2684	msedge.exe
2684	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe
1404	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe
4956	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3688	WINWORD.EXE
3688	WINWORD.EXE
3688	WINWORD.EXE
3688	WINWORD.EXE
3688	WINWORD.EXE
3688	WINWORD.EXE
3688	WINWORD.EXE
4956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3380	4956	msedge.exe	87
PID 4956 wrote to memory of 3380	4956	msedge.exe	87
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 2772	4956	msedge.exe	88
PID 4956 wrote to memory of 4324	4956	msedge.exe	89
PID 4956 wrote to memory of 4324	4956	msedge.exe	89
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90
PID 4956 wrote to memory of 1144	4956	msedge.exe	90

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\M1.rtf" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc1dab3cb8,0x7ffc1dab3cc8,0x7ffc1dab3cd8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:572
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1744,16908850588196267607,9617559650866167141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
90bbaa873cb1024ace83f887dfde38ae

SHA1
922416490e14f9098df969a56b75e7523f108e53

SHA256
2ff8abbbdad2acf5f04a3b47624055a0f2c36a09b0db3945b494f7eb92ae87bc

SHA512
60587031845ee5ae354c760bd2714a47ff561d3bd6e8aab7b2073d1b9c6b544c7eca94078d9cdefcd87b44adce4e814852c1e8f6af8ca3bdd5b0ddd0312e57b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\853aea4d-ff11-4736-915f-ea2d15e06f5b.tmp

Filesize
867B

MD5
f3e5899ade22148f3cbccb390ba18b0d

SHA1
1d800b6d258dc5bf90ff5d7a9b7160490eeafba4

SHA256
d8d3ba25aff4664cef7b0cc70d5d198978ca3955c40a2e378da934e4572dff45

SHA512
29dc68fecb5b132ba1188fcc9291b228b279ff94a9ed18751ede9d2e417846450b85fe8f1c96260b39384f4c0e5c73be97ab1952f00ac28d4c7c69e11c34ced1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fcc418aab4c7a2edc8144de9dd9e044b

SHA1
b81af18bd633d9ffb2e07af890c8f9c8105cd29e

SHA256
67fdde34db7acd171d14cf35f08a71a6c964b56875e0ef0a2d7be47b5f10b068

SHA512
aca74aeafdb6026ede316103e9ceb49126dab7ce81a7f300806eb8c6dacc5de0e2a4dd6d3acf5151989b8d4492cd054446521cdb9cdd6b1174cf719ac042b711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1959df78398f5d987ac3b86c898ed38b

SHA1
826c8a24dceda09b2ff1d14b92c933616ed6559e

SHA256
8a56deb1438854b13f4f0c0d3b7386720ad1ad058c7a651c4cfc3cf877b81c21

SHA512
230b4b1c9b3b5b12e84d847502d40bfb40e6f85204986a438fec389c4d7ba221f4db5d128753d8978558a2978f8f96719e48feecba76211c87ca40bb76bbc385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf30bfd10b60f11a612e92ff4de16654

SHA1
0ff8ab23aabc61ef1a5eaa42d0fb2d1a4c0ccd8c

SHA256
b6585a6bb3c38f34e0c737875188b37b0e1ce198636e2d2bf00dc58e9d531aa5

SHA512
911b9d8c694f0dcceff857757b1a37c751713f8e63c12574ee49a8b227ab0eecdb1d5a6d75f569e030d372167b334220003e230204281d59627abc69fe093cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65ef05e98109e5aba8ced0a30938d429

SHA1
31e385eee5e9b5a33de5bc90eba6502ca03e2abf

SHA256
a8e576f7d2cf23413db521c9a74a66808f8070cc16e098ceeec61e57fbb085a6

SHA512
c1fb47f6c5ca4dec2bc20d3b7847779f3f1e99f44049a18929a09853ac8526e388ecac975915766d783f37d809218a5a103176c38dc653528537330f5998bcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01866c75807b820385f18c0239f5d59f

SHA1
b23a01348c8ffc08c3dd41f1d179508dfd1011c9

SHA256
b2fac23bf5dff0766ab6603f3c51c39ba6133612715b143f0e52091ce5322984

SHA512
8fc1bbe79658b879ab93feec588c910240c63e19219ca30efa83be1067af62e2924dac94615911a0bd2e8f5f2d67c19e9cb5bc10730f0363ee59371fd347c7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
87acde6c34eb0c00ca5e07afffc4771e

SHA1
37341cd5633bcb07f1083434bff3a27d85d0690b

SHA256
a2f17019949473b62f2a155f94fe1bdb6d6eddce11cb4b247e23e533291583ea

SHA512
4397eb44958825ea41aba9d0962734bc1d0e7c9afbfdbe0f10d59aaaed8ba43ef7595ce5e88f16ca495808e2afda55aea580f10d61ce57857e2714c026d5e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad9a18d121a15c42ca7a394e99ad8a5f

SHA1
e387916b7dac7254eeea8f347d7e84da2dee3fde

SHA256
65f06c2d5145b77ac4a439853778defd16444e49f67970864a22a4142747f0cb

SHA512
08c4b1eac3ca2ee5d3a3dc969149f07b0e95ef0f934d947d18bf22c85ec1fc7decd516c28546d1daa727713c5dd0a4c0e970b5bace302b1dcc3953a98e48f57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a480c1e7c89554b7098090150241841c

SHA1
66a8701f5bc375dd1e64b8c42b44731ca872c6a1

SHA256
d73e94123b47ff1f080f643e8f0bd6bd87db6b481e1f24b74ab05ee1bc92c596

SHA512
cbf64a0b33b3e84b3fa133e2bb2387d19cab6ca81214df5746b19ad9bed6ce8a761cb5d9e9227e72634726e43703efa257475197ff1bc06f227050a78a0e34c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
38e0f825a71c236dde48aa2f551fc800

SHA1
1aff06111b765ed4e382b9216101e1f54a09d73e

SHA256
8018002d860e6370cd760a83b61d41f77cfb9473aeafbf630b27e4b4a7c100bf

SHA512
28fc9207402287a3742a8b409aa0db3d570cbd8e456c4ece1ced7b34b6d22f8fd0a2f699142090a9fe54062b35082560012ae80aa9785ce2b21da0aa9bd40399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77e258194cdd8a9c8aa28c231736b249

SHA1
17c054741895ca8e272dd46eeb5ce2d1dbf1f5e7

SHA256
726b21248184ff475b84117de8eb5710a3f67267c901861ec0ed169d238f55a9

SHA512
b432c1f215f9e1ba006dcc29de7b2d584c479dbe9cf91dfdcfd120de6802ea30f076391abb3cf23e873410c22cf7be59ece3d5083a1990d9066fab400044fa53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f7933c22432504e5f49a0500c6fdc96

SHA1
feafbbb82a009e01ecbfbc45982f5b097edee20b

SHA256
56c296ffd6ec482498262534951ac29dd5af8c26723f32194ecb6d7792d7529d

SHA512
7ed8a316d0058039c32d8da3e1e228f8bab667f272a178c350e647018a16457f784e491682ed55ca3267a284ee69db40d6c28fd4bde455fb8427e6d8695c2538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
febffe120080513ee90d3469101f2b45

SHA1
f477d8b26c22ac192c3f54031f273aa16c2987a0

SHA256
f88dff56db9bee5f1af778356cfd35e3e89ec6c9a6476e972e1d252072910049

SHA512
9c43e33cdf8b529d801ac483d447373acf93eb9df82fdcddce5bd35f15e61813179b5469a0410c40972817104dbbae1a0a94e2486a730f59ad7814126160a16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69acb9db6c361a3038afb9fe99dceb71

SHA1
7c54d4a53bc61b82e1b9f9c2bf2b82b28d4f24e3

SHA256
90c6d9b73b5c6080dd0e604cd9fee847576b9db66009c566d9e43c31418e9324

SHA512
82b5f24ac8534cbf17ca8a6c89e4406c345c918549dc86c1896a02bc0e777a52cde7d82e9cb9966e8fef6a04f727ae1efc7ce372898983794598bd24a25c59a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5833fc.TMP

Filesize
1KB

MD5
fcaef614a77c20ba4fb24d53e750351a

SHA1
d32d153278605fd4ba0cc01f05f6953d399ae5c5

SHA256
901a03d6afe449d7d21f9583ad4d2608ac81e6486420473ed1e5a05d689234c7

SHA512
80d775f17789030f5d083510db66f485650ffd481bf702e573949f1865c66b1cfa1950848570054dc817dbc4f3cdf84259c6dd430037e890301ef23a13316cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d521dd5992070398e0ac58d0b4e37150

SHA1
735b74e600a470cd7121a1521ef2d327c61422ac

SHA256
2f54e1d818814acf08958945c59c73c9bc3054820f4e2afd959b1bda2287c8a3

SHA512
b5d5a1234d7d3b2ce3d44082ab0bf0bc9c3d375c5175f4f55756ee72bbcb48ef767e59c9f5f6188201bf2f0c36872300ce9c85a649db38193d9323dc30348479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8820c4b6cb5d24865d64357ad9754c1

SHA1
6df58313737e8f0a3375f3ada8a60d216b1e0f15

SHA256
15ec9c402561205f6f84ca2121f490a281215b690ffebaebf9febfcf9b2a247e

SHA512
a898cf48789644d1811362642a8faf30e8464627e213fa83fadd533a273e150cdeb7a34ab13635b01dc2ba75b6a2accf3e9587afc492c3f4852334a1a7fb7228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8f8a615e2fcbef93c2e6fcc515eb0cf

SHA1
20f4784959dde07ba556b3c2c8d6a13dd78cbd53

SHA256
d0a92deb86985286c1d4db634499e835ea0277e05a78939d8965e60b62d14801

SHA512
f3052bc399c2ad2b7cc2b15406943a65796d7c47eeaa099e71b0feb5ff34f5d02045dc07353e9f2900fe63cfa0f33b771d58aed44330dfa0fe7046bb97bbface

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
307524bf1ad8aa481a9eb8a8e9f4f011

SHA1
07e048f3beb345ff1d8d2189ccba2b0c72f36f52

SHA256
751800e42988ecdb2ccb891beb9ae44aff66561189428bc0c57c0a5cc26a4b8d

SHA512
5a9c7a9cc7613ad56152e338725f53d8ce221afba0b8a25ecf8eacca056f7a5f07091dc669b027bdc7aff0481410338994c538cfebef0bd90869211c306d625d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
158641b4ff952e9b3f11cc320fd2ac36

SHA1
2e48edb5bf669d8ac0daaf29b7857a1ade1ce620

SHA256
510f779cc3d456ae745c038e30af31d414c3678ead9ddf6135acf1e94784b4d3

SHA512
39a84e8e27bcd78845a7687e43132142406467467ffc9cd297c6f7a1d1562d82a413f6f5765bfd83a464cc5f671c8fe3469f4aeb160989cf59d9adfc907b8ed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
796667ab95174d6ba689cb9237e2ad56

SHA1
6afeb82f5cc2a437ef8db22a0090901e8eb0814a

SHA256
92103b3f85537bbdd64561e333ba2085412bdc1bcdc75e34979faf7d39573afe

SHA512
85e37a34a5309ee8b483edc7af9c26e7a38fd837f70d78c84b327a7f30faeff668ef562bdf263629fdaf252572314998361f2d089faffdbec30712913686818f

Download Submit
C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 360613.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 451097.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 581014.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit
C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/3688-13-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-10-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-19-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-18-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-17-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-14-0x00007FFC07460000-0x00007FFC07470000-memory.dmp

Filesize
64KB

Download
memory/3688-15-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-16-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-12-0x00007FFC07460000-0x00007FFC07470000-memory.dmp

Filesize
64KB

Download
memory/3688-26-0x00007FFC48BD0000-0x00007FFC48C8D000-memory.dmp

Filesize
756KB

Download
memory/3688-11-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-21-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-0-0x00007FFC097F0000-0x00007FFC09800000-memory.dmp

Filesize
64KB

Download
memory/3688-20-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-9-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-8-0x00007FFC097F0000-0x00007FFC09800000-memory.dmp

Filesize
64KB

Download
memory/3688-7-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-6-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-23-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-61-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-4-0x00007FFC097F0000-0x00007FFC09800000-memory.dmp

Filesize
64KB

Download
memory/3688-5-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-2-0x00007FFC097F0000-0x00007FFC09800000-memory.dmp

Filesize
64KB

Download
memory/3688-25-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-3-0x00007FFC49760000-0x00007FFC49969000-memory.dmp

Filesize
2.0MB

Download
memory/3688-1-0x00007FFC097F0000-0x00007FFC09800000-memory.dmp

Filesize
64KB

Download