hxxps://deluxe-roleplay9[.]webnode[.]be

Resubmissions

21/02/2024, 20:32

240221-zbec3aeh9z 1

21/02/2024, 20:31

240221-zar8jaeh81 1

21/02/2024, 20:28

240221-y82zyseh5w 5

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://deluxe-roleplay9.webnode.be

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{7B4D16B6-A65F-4F9C-AE87-BA6DA5958FE6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4036	mspaint.exe
4036	mspaint.exe
4812	msedge.exe
4812	msedge.exe
2072	msedge.exe
2072	msedge.exe
400	msedge.exe
400	msedge.exe
5640	msedge.exe
5640	msedge.exe
5472	identity_helper.exe
5472	identity_helper.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4700	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4008	firefox.exe
Token: SeDebugPrivilege	4008	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
4008	firefox.exe
4008	firefox.exe
4008	firefox.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe
5640	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4036	mspaint.exe
4700	OpenWith.exe
4008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2200	2072	msedge.exe	40
PID 2072 wrote to memory of 2200	2072	msedge.exe	40
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 2140	2072	msedge.exe	86
PID 2072 wrote to memory of 4812	2072	msedge.exe	88
PID 2072 wrote to memory of 4812	2072	msedge.exe	88
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87
PID 2072 wrote to memory of 768	2072	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://deluxe-roleplay9.webnode.be
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbffff46f8,0x7ffbffff4708,0x7ffbffff4718
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,13188226481029646850,4743911011649190493,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:4220

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\CopyCompress.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:1980

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.0.1023893536\1551622507" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba8bba4-eb4f-4c65-a0e3-e28d360c2236} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 1980 1e0d11f9558 gpu
    3⤵
    PID:4292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.1.1392691524\714668546" -parentBuildID 20221007134813 -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e895dd14-6703-4e45-9596-2db569bdad70} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 2380 1e0d0d32558 socket
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.2.1579876754\1931774383" -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 3208 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f2bc38-dc06-41f8-aac1-da8f23ccdb60} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 2912 1e0d529fa58 tab
    3⤵
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.3.426235380\858196095" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8b97457-8dbf-4731-80db-17d8795c0750} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 3580 1e0d39f9558 tab
    3⤵
    PID:1136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.4.597674764\80670342" -childID 3 -isForBrowser -prefsHandle 4536 -prefMapHandle 4532 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc835af2-6c0a-416b-86ad-dfdac4b9bcc3} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 4548 1e0d6efe558 tab
    3⤵
    PID:1468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.7.43970121\1775651580" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa53b5d7-0823-4358-9e9c-e25ffdc75efa} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 5360 1e0d758c958 tab
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.6.99830154\102878739" -childID 5 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7ea9346-4206-4917-b0fb-229312487593} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 5168 1e0d758d558 tab
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.5.549062727\900493804" -childID 4 -isForBrowser -prefsHandle 5020 -prefMapHandle 5016 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55a124c2-4747-417f-84e2-aad0c146afed} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 5032 1e0d72cda58 tab
    3⤵
    PID:1032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4008.8.521767127\777620828" -childID 7 -isForBrowser -prefsHandle 5916 -prefMapHandle 5872 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14105aaa-5c3b-4c43-8e41-c0cc8d9c41f5} 4008 "\\.\pipe\gecko-crash-server-pipe.4008" 5928 1e0d952c858 tab
    3⤵
    PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbffff46f8,0x7ffbffff4708,0x7ffbffff4718
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,2337215789134036705,9039830602728488569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3624cfcb355c6c7888cfb022b59a03b3

SHA1
8269bb7265487ced0f15c3705188714640d1df3f

SHA256
28abe3d6f18ebac6166dc8dc601f6672a609bbf3d857d4fb1d9e8f6564ae172d

SHA512
70b3510103bbd50779bb464806d7e15e5d3044269edaa863313fa5ea5cc9dd5fcc3d3e000a4b5f2c4b3fde604c84a89b85a1a12ae17797ce3ab80a23f61fe802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\15932f89-434a-4649-adaa-188e463942db.tmp

Filesize
633B

MD5
494a24ab4f7c76c9e3d1e52620454593

SHA1
23ecb7301ac64d5f4a0fd1f0ad09baee30de30d8

SHA256
e8c0d031ad7b59b57807d0adc5eb7f554ef4c943990e7f39c55da5b23a9e6bd7

SHA512
897f13a914d2d09f339a963c20fab4bba4edb02dd81f32838b3249d121e8bd100e331ea6aeeedeccb9dd4c7d278580366071fed4b960e6ad28e79caffc35e2ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
61612a61aea1d3a4ba918687dad9e25a

SHA1
a21108bad99fb1ae7896679876b737bd288c1d59

SHA256
467ed007704a2f6dff51cf81e10274e8e6df289aca433547b718b96039e2602e

SHA512
9d1e3567fc9dc6a627acce012afee630537542d6536f993d21a5fa16733194fc16ef0b5fe94db976e23fea664b0dff56f6bc43702dc531049ebd0b5bdc385841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c7df644565e9cd3e2fe7bd70aaccfe21

SHA1
3c2cae21a932ee0c5c49332b642e54a506d4bde7

SHA256
fb8040cc166bae8e694e37a3ad20dc17cfba10d9d0c483eb2af8c2f319991d38

SHA512
9487ddedae6aa1fc7fd6d947099dbb7ba5e8891c0cae1b165342686ba41be4c906517b8965cdd2b487a3b37ee7fc3d95ddd68f4533a935fd06782cf11f240574

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
c5c1855ffc56b1f2b39136c5205546d4

SHA1
940512ec239873ad964573fad5834f8d96bea309

SHA256
4b731e673e2ac544774254d847663bd6767edc77ef127481eb14135d0727912a

SHA512
4f74dd884e94fc153a200a3475f6141590156a83c09b2c009169e8b22601023b4b4fb195acdd92c3b00ab2cacaa3911cddc3d7dc8d511b0ea5e5fdd366d0e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
1d97608f459294c634b0251392669a1a

SHA1
b3ae5e6f279ce1a9522589806f0e993057793833

SHA256
7b58e8c2c7e0ddbbf3ba45a35239431e190a639ad0e7f02201cd95e0df5c8743

SHA512
8033792febd4ca6a9cc3f458e982f8607336e331d92e74de54941139c6a5f08392bedf1b2769480045743a8d5d7f3b07507406329adb5edeb748109aa11049cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
b8b952eadb8c48802a68d2132fefc83b

SHA1
6f7c508328714dd8ed88022b1e8cc2ae4aa63839

SHA256
43c6d62486a8a0d9b012110a043fc63552a13ecddc36b1a9b39368d2e267d744

SHA512
2a778320d7ad4287337ad6bf76533aca0757c5c36cf15a9b62afcce2b3b83a01369f7bb19597f236b1c8aac68161e276d3da9ea5557ab3937a4556b97e90604b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
628bdfd6b6552e45312ebea9915879f4

SHA1
1aee0c55682ec26c141590b042a6a6bef7e09e6c

SHA256
3c79f1e3840d095c87d5323eab5b15b46b7d083fb81d9091e71c191081598544

SHA512
6867534810e399702f821fc3a6a81370b305bf5d1bf920e801855a6be4867685abc9e0cec1bfaf2ab4a657c3133f4123a6fc018c3f092bfce8ec7c9e57a8f50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
da38c2f8790139501a3ae3cdf148e8b1

SHA1
53525e515fb72b978c56e4a4d29bdb51785300eb

SHA256
8e20e10137ea090d8043fc1effdf3ffa4accd3488cd7aeef0ed0ba0d9c59e7bb

SHA512
967bafe4ad3f77fe337d1c0239dddbc5f9d8e641f403bfccd9034e7931da0ecbce75b8aa5bbd0cbdf59ff308de9806d194e49ef6cfa882fc01b42c4d883b6958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
479B

MD5
e60fbe188acb93879afb0161bcabbb73

SHA1
3457d27c35ce1346ae9d87619777c3cf3f19013c

SHA256
db8431013e30352cc50ec81c3e7b1ad4a8905141caedf56724e7456674852423

SHA512
3da2e3891fdf031398078bdc0fff7ed9f4aa86315a883cb45f6169475ed37ac4d49b6884753f8ebf7bd86b26ca669caffbb7add53ec21d667fe5aaa8106a7f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
7bc54d475b8eec18d82d0fbf2327445b

SHA1
c98a9db3c3f5af8c30c54bb631e8d9711859a694

SHA256
f01a3a98e92f8f9e0c4cd165ca44db59f43fea5bee02179e1cac9956801438c9

SHA512
7373c1e6bdaa3062595dbc32d26ab434613f75d528c0bdb04c9648043453f4e85ebe792fc76e9387bbdde7fcb8ecfd7c469af910839ea613df6184fde6b6e6cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
cfa6ca84f0dbed82e55c20cb4e206074

SHA1
5ac9752bc7b274fb21afb545527fd8bff9d5eb3d

SHA256
744b861f5d2c9b0e7672ca04c684c4ee367098df0b6977e7eb1dd26cb75e1adf

SHA512
5ca10978cdda3901080fd74adc07ebc0689994ca039426bc36fdbd3171a0e6f730d2a37cf257aaff9a13fa929d2df85a0afd60da49f8fe45b0da4b034f449115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a68fa2fa8cfdaf878dfd48ca08ab25f

SHA1
95348320eaa0a1e3273da66d6c8ddcd122b57e89

SHA256
0d9cd5417f3909a6bf641856a4bd016b53ce867b74f6f6e39bd49bbab34268f3

SHA512
cb6f8413ae9e18f4cf65ffafaf1c58b157df8ba8187dc78d956e5f3920c65e21739cecd1a3f6bbdc607fa05ed8f2f3f8bbce32d758ea2267a72fb6c2e86cfc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee0b48e58600c3c023c89c11d6f8a474

SHA1
edc1509576bb84d66fa7722c3ee2e87526705245

SHA256
a217882023bb6e3c705ffc60847c0037c6445279f5fb14bce1b3557a4aea5a8f

SHA512
75ebb2ade061dc425f1be73471baba41f6a91e399e4dead0f24727742d7e8f672e50b6aceeac0e50b3d89f45a0119938689c4162057ff11859013ff434589041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55070426d339ab8615543b16e7948c1a

SHA1
55365c9e3fe116d1c7177f88c8b2d2739e5c9f84

SHA256
7411cc620ac2f2638379960688afac287715ade3cbf459be1741c431d1e566b6

SHA512
a94c6c2e51e31644a75501c1db98f209212325a96eb932fb586ea535315e79ab8febc56a1cc5bb5c64006478ff703459a676bf6e4bcb4918c50f7a6b8de64bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5e6b96922807be41288f4eea617c3249

SHA1
f649d109c537a6f2a9bc74bafa5509ab5339bd6d

SHA256
25763757d84a3f827a2932720e8c1ba12bbf08b9ed81b5253f07da7b95fb9c7f

SHA512
c0f10516d3d3f431abbd299bd1c2a33d10d94c6e40576a63f6ec20f62c62ed55a9a0fcb973347c274dea6ff3cb618a037a8d2ee4d2515fa1204689bdc089959f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f23f14d8a540b59480d2d6218584e5da

SHA1
01b776908e5a08eaff9988ec2be614f2bc6c80d7

SHA256
2c2cebf6b7b43dec6fbea7028ce8c61a63c859fbf148d2a9ebdf9e8e1ba4514b

SHA512
e6a84dd473138653b0f05e29f1253ed5cc1325d3862d13c90c5ab587c1c679ad02b33ece13e760ee263ddd13dfe9f380c21dc0ab37e37231a6ca67703af5f2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f34aae1e674fb866b6258dc193e54ad

SHA1
8441483e88161389d3088ee6d9d5da97b9c705e9

SHA256
f9dcbb88031d92e036c757aa3e37dbd4b86f5156c0b90bb0c64b42c5863084f4

SHA512
2bf87738564a9ef7ff03bd2fba16ef277e47dba3ccd5c4c938a4989559b0e0886222093da7dbe99e91d634fcdda1009c2669a785cefb313aee2cddb57dc3146c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
c45b2e558ff19e52d985712abc44a79e

SHA1
d10617cebe9d7128e637def0d45ab123ec1a46ed

SHA256
dfe719749246513a42cdbf1d9dd441c2067323b9052fa7cb2d2096094b0b38bd

SHA512
4fbbe8281d5b39b1fb6dd84dec403659f2c4ee80d6144808ccc6f05c3f2b335b1449e13a76d29ade335d8794c2da2a3a3a522915869331f52b3170bb89885ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
f5c7bcc9d4fd6f56f9294aeb51576e57

SHA1
88a0661162c4a8f8001e0d6b51f76fd205137415

SHA256
bced151415ec69556a34340985e64d57b1ca1a5d333bcd02cc0d5eac2c023a7a

SHA512
970f23bf7fa91b42a5448bc7cab210accead7c0840757d4b13d42f05afdfb6509a9d264e7c82eb69962998d0b2c6f9a720753d7c2eba826952060824c1b72d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
921a1ce0b53cc2c8ad6c3626f7fb3313

SHA1
2db4b57a865d02fe5bb98cf9e5cb0ffbf9cbf88b

SHA256
ee95cd127bfc330261d9c0b2fc57a19e452ba21892dc15b108bcdd190d4ac9a3

SHA512
faffd6c61161dfe6a937ac28e66695509e8f3e85a74c627e2969291a2581770ec7454da31b512f6aa13d3e3cfadf91b2e2d46ea8f32dc6343481b45f3a9f4e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353020913982222

Filesize
1KB

MD5
e6fc5bf147881c6e55970e8d8d5e5254

SHA1
b7ec740ca812e6d99bcc2439d18d9a86c339fd2b

SHA256
a6eee5cc87b5fef9637b0d4745c97748d7f0a13ee3b56cfccee2dae614ad1e86

SHA512
71a2ca028a7cae57d77691b85ecc0126ce7421da5f81b55d0d40adb32494286690c2b84beba7b5feab9fe1505df2c2e6a606cd2eeac8b131e827ae93f56ed137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353020914314222

Filesize
1KB

MD5
870f4298b3364be541bd66a5d8899f82

SHA1
992f1d15d0dfcbc87b1df326590c55f0d45f07e9

SHA256
140d23facdb4dbd3b32601ac2c1161c5de9f2cf26dba9816c7a63577003191c8

SHA512
15c3568f14b11864292825da6773a520b6316344a81bb52eb8eab0bb1ffb0cdea3a9505c5041a9134d5496a57badc11eea7ca981f6ee116a28976628df178fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5479d68baf0396daaeeaf7e5b0115b2b

SHA1
5a091c341627dfd191b1088ed1c7b4808b28b339

SHA256
020cb505962c2dbda42bb6d7c1b9713234902115de5fe2fbfd9624fe20f5af77

SHA512
e33aed271a2266debf7f0fb84e82489534be070e22bb7591ce25f96fc60c6e6e1f5ec9c349f21e4b48bbf3125bd0cbbf709da48bb97aac7059bb27e3d93b03a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
d578afd6cbb9a348647ec65cd1c2ac3d

SHA1
dcc86dc1e8d19a64f0092e8e22fb2e53af3380d0

SHA256
226b94fd753eb645de573a6faaf8caf442cb104bf0b778eb13fce5e55b43e38c

SHA512
d1743c78cb84658dee5998f5afbfd3d9dee80a24f0fb23de986b8315b2d0e819e69bab737456b3cd30f3866bb942c34ed11203317451ffc7f3bf7ad49e6515ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5ccb61f34e510c92ff5c06d29b581796

SHA1
1b14a1d6e3396eb3d10cd87e25d4823f1bc81632

SHA256
49cf6087b157974ef135cec17a13409dfff10e0f1595955669a62211ee8baf66

SHA512
d29c8a9124dbfe7b0ba311c154340bceba3a6dd6873e89209afe46172cfc6b187cab49f27a8f5420cc94003983717a76984bc92e964a90e7c01946119f0ff054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d87001fb42aa013b3e291c4d5d55f177

SHA1
a0905e2d97474b96f5ff6ca77a91f9f22166ec13

SHA256
494a5c159f093b7448a4b4cbf3f67778638fca3ccded54bf8555234eecc7af5f

SHA512
bc2fc9226d45e6acbb0920061643ffb041375b0775afde899b2f8de32c87fc49126bb70dd37b75967c07a4b1c94694cf7a94aa0c0b7ca1cdff1c07e76b08cf4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
54653421e1b2f7e734b7588bdeba1265

SHA1
036d5a95c78194e7cccfda397165ef8fae8c5e8a

SHA256
42c3d33959f84a9c383bc5437018c6683bcb5370d18ee3b7e89cbf8c931426e0

SHA512
a3fb9aad830fd0147941279e2f411e905dd6e8fcfddf0a54b2590b55c59030adf4ce8b7fe8044f5b37c49547ff3bc413a3237d8f37ee1687e427397bea2a05e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
ca99719d5abf677bf295c1183327e9cb

SHA1
3ec5da1ea2d1881f363b6ac6714ccd414efa9be5

SHA256
8fe5796ee91e0104196d191dd8a5c44b6ba4a319668a132efdb4da5c1b91a6d3

SHA512
ab4dc42692f87851e0e68c628e6a7f83fdd778c3decdbb3840e5e70bafeea540f579357460fb072accc203a890e294b994857c6e18a9e45104a5c6c282c2da6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
430cd34718cab3c3cb75f2052fb9966b

SHA1
41b8c4ff60c0608dc2bac22788e148666b260330

SHA256
5f2bb84822ed00c6443b532583450243452c443dd3b1d314df1a26f3f7e93c2e

SHA512
229eac38e3b9fc2a06103137877b0303e69164f7e301822d94f719f1b6b255ba419ce50ca9a97ab7f35f459fa23bb259479705f2a4d1b45b437056261f50d1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3844ec8598e9b48c745296ccbb335c6c

SHA1
d6a0410cd765be727224a8c07539e8984f911643

SHA256
179ec101aff740c7183352fec11dc1254c05afdb40af6aec9bf1f20187682d6a

SHA512
1d798fe2dd438a578fa41f2a6b3312229a7ea5a7cd6ab8660ccd933c01e112158869e87bb3e421b5f7d50f36cd4b554fcec8217a307cb6f6d29b3fa2201a1394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
206a909994af3381f779a0c27df9d80c

SHA1
633bbf3cf32f792c134cb58af86efe475b536720

SHA256
fb2d2e49890159ad3f493fe4be0c13f6871aa60ebff0283846d12ec6522e4748

SHA512
aea914b59c6c47a77de7bfba33ce78b5530debb2dc94c0e279618a9e552a1fc2ca68252432bbca67acb05b03fa647be7111c93cba5b1b4fae779132db1cc2d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
bc76569afbd935f34a75f00b89b65077

SHA1
0170280998d24eaaecfe6d127536fb689f8d17c9

SHA256
465c02f22a705e874bb26694ae837742c31aad44508c6867ec38c47f2be35c34

SHA512
2b93ebf4b59f720cd3136be8226fd66813999441ef240a6199944653141f4a29a9ba25bea23b92a762ec1dbb58504d1662b1375648e6bda45e51ab3288d71c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76a412e9972456bba72a677b47ee6b2d

SHA1
2f4fed47bbf4bb3fb0be6d05f92785ccff6f095f

SHA256
7b5077fb1858becb5a91aee50881855044255f881a1202b01cc25123c036fcce

SHA512
24ff0675eafa46e9d8425cda762cad533a7d3fc1e984177ddbb8a7d0a17886078fa7a81abd51e4c4481b80a9e9189156bf2255c99b1ec53e7e0fe86b31eb2960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b5cf92a9c5de8ef9119a109a0f3fcac6

SHA1
3b3f6a4c5d47e67924023e51d5e8de79eb0f98e4

SHA256
bc688814558f15ef0502e32c412e68605a61cfdf870d5c52b050b3ad5feb7e33

SHA512
ab43f8abacc809e33efdad2d76d44e9ad9dcd7803a8ae6e611fcd3e71955f3b8d6fdebcab9e131f2db0dbfa8d1e1f0a1e702ab0ab9c29cc9c83a36d575ff1dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
6093692c7e05e86d7457995eb98f1c91

SHA1
1a5f8325ec03a82facbfd9fc154d194d34bb880d

SHA256
22217f34b5f1e704d2c80e365ad9e8689969a3961797956c2b4e0628a877a08f

SHA512
244f1e10a7accad2b24464a05b56f6ebaaa5b9f4233a3497ea3f290ea741cd258aef97024beaa78d86ed089c0eec1c9681ef43f485072eb4c09a3c137bec943d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
8160a83562463075b0553d6a69bf33a6

SHA1
6af461008e27d0c19743a62900d6fedaabf146e3

SHA256
f43b9ea4c79c7655c7fe11811bdbf4b70b536c5f716f34f954b2afa9a21cd853

SHA512
97628cabf0018f189051b5805871334bae55563578620d73181ee2a83e313daf713c67238715cece8f0887c612eb0c3d33b638d7ef8e52ef121c13615015002e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
6159d103c5f501dcd8b4b1f42691aaf5

SHA1
80e34f9a55758875ae16efb61b2066955939bacb

SHA256
cf22bd9584e982636ce28d600f713dbc5fbc93340c6862df9354af8117cf1f12

SHA512
573416cbd4778213ef14630f7cdd49cdd76c3c6bc52cab0670fef0f68bf602f828c4ad3fc1d2301c4ca83d9b9aaba733d3aac52a886abf23d4a1e80b8eabd123

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\datareporting\glean\pending_pings\a2e67a13-f754-4c86-a0cd-4cb11967cc9c

Filesize
734B

MD5
ca98647b7c04e891ee6e17bac0d1b503

SHA1
6d3b1d55e246917013c22de4549fdc2613bee764

SHA256
6eb34a9d59517cee174832750d45f5ef0a72f78f6accf41739eb92401de47ae6

SHA512
05030f1b260c82b2d7cc794daec0bd23ba0eb63dbfeabaaff497ec70c05a133e29c6c25867b5ec2cd5edb1f5549e2606a282975caed9122586a431df15f35d64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs-1.js

Filesize
6KB

MD5
645e562e62be9a802e3e7a812ddd4dcc

SHA1
8599ca4da79c10dacbf10b2e09ff0f5faba9c8d5

SHA256
ae0e9f9b08a891d737a64a7342af99c2afe3721b5d5e6d5d0502249d1cbcfbdb

SHA512
6fc24451e456d238a4e11f3bc6462974876f1502f094fc5282c64b1eb225f4954d6a305ea54fe0a19755bed79e5f868a686d1d9bd6c18fa68e8893bac7b629e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\prefs-1.js

Filesize
7KB

MD5
afdeba68ab5bbe868b4400ac5cf5840c

SHA1
da46b454e3af3e578309c3f8814026fd36ac287d

SHA256
2e0c22b57d97bf0ac143a100f56aff433e747ac3b121e13183fbe63f53cc2ef0

SHA512
52eab4af65870ed4b08e85a52063374becf08bb6d6f7b776a5b65c94fb816aae1ac979d8c0aacabc278015500a273927ac124f1fffab7293c99a59a5a04e3d08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1bbb1a2087dd9a49c91ae70257570770

SHA1
8d642c2c9d95d1f940b001a2940196e51290cf8b

SHA256
6d788e84ecc77671eb9626d6b3db0ca417fcea27b2c25b0288912195c04b1133

SHA512
9d6d2f411f10229445dc464a6bacf26e8cdaa7f3f324bc8fb6ca0705e98b2fb466576ecef5fd9fcfae34b0d297bd840a8119b046b33b4a17681e9bca4c26cdad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zlzu656s.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ac29843ebad3d5ee97f023c6566eaa07

SHA1
fee4719283ec95a1b97c2f45d144a94fbab78b28

SHA256
9f4b39c832cde615b5c0257f6ba4d25f290e6d44f7ed034a3f021a9e171e9161

SHA512
6dd156b042427e15d6db5b4d1ac5733f255835a0816f25a32f9e8d97f2426e9ce7f815eedccf7fcda3f99b342c7367bf177abcc1534e327b7defc21805d88876

Download Submit
memory/1980-45-0x00000224FE820000-0x00000224FE821000-memory.dmp

Filesize
4KB

Download
memory/1980-33-0x00000224FE700000-0x00000224FE701000-memory.dmp

Filesize
4KB

Download
memory/1980-26-0x00000224F5BB0000-0x00000224F5BC0000-memory.dmp

Filesize
64KB

Download
memory/1980-43-0x00000224FE820000-0x00000224FE821000-memory.dmp

Filesize
4KB

Download
memory/1980-41-0x00000224FE810000-0x00000224FE811000-memory.dmp

Filesize
4KB

Download
memory/1980-39-0x00000224FE780000-0x00000224FE781000-memory.dmp

Filesize
4KB

Download
memory/1980-40-0x00000224FE810000-0x00000224FE811000-memory.dmp

Filesize
4KB

Download
memory/1980-22-0x00000224F5B70000-0x00000224F5B80000-memory.dmp

Filesize
64KB

Download
memory/1980-37-0x00000224FE780000-0x00000224FE781000-memory.dmp

Filesize
4KB

Download