hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

07/03/2024, 17:12

240307-vq9qasgd66 1

07/03/2024, 17:11

07/03/2024, 17:10

07/03/2024, 17:07

07/03/2024, 16:58

07/03/2024, 16:58

07/03/2024, 16:49

07/03/2024, 16:45

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2024, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
30	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{4C33C496-5EF1-4AFB-AC9B-A7EDF55F2FC6}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Melissa (1).doc:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3156	WINWORD.EXE
3156	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4340	msedge.exe
4340	msedge.exe
3112	msedge.exe
3112	msedge.exe
3620	identity_helper.exe
3620	identity_helper.exe
2228	msedge.exe
2228	msedge.exe
1804	msedge.exe
1804	msedge.exe
4172	msedge.exe
4172	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
4012	msedge.exe
4012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE
3156	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 2704	3112	msedge.exe	79
PID 3112 wrote to memory of 2704	3112	msedge.exe	79
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 1384	3112	msedge.exe	80
PID 3112 wrote to memory of 4340	3112	msedge.exe	81
PID 3112 wrote to memory of 4340	3112	msedge.exe	81
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82
PID 3112 wrote to memory of 2920	3112	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce4ae3cb8,0x7ffce4ae3cc8,0x7ffce4ae3cd8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1276 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa (1).doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3156
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6668 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,13412913011620942907,7054736891540037844,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
322f192239dd7e32fc32e7ac6db90026

SHA1
276a4e75d0ae61620f3eca849fc08fd09a55e592

SHA256
37e6b7fd530d95e4d84bf7b60ceffba1c0ff78d34556838c69f5f743c543390d

SHA512
cf9fe139ac6dfe054a6280625519061197dcc9eda5ca342a8d112719ad28437ed7ebf3aaca8eb93ccacc5773afbdba4c68717e4bd98f9353a8702aa3fdbee520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
649B

MD5
d95b2fedee61b730884ffa51d8e3cbcd

SHA1
22fe607473da7cf4b15e0132f5a32672bf0c2747

SHA256
d5acf4d2fd9d6691f97e1cd4c19bca4d41a0d4633b597e5551f549e34bdf27ad

SHA512
d385b33fc848375ff05a599cee76242d912e2a2e51e1980ff78ff765f0814eb96d4c084b5ca29f6b15396ec307f752f22775813c9cc35d8bdd342a698c270e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
46fa4f5f7344089589d117bd7599b3a9

SHA1
b6cc1fe19e527d4a372c97e4d195ed94eee40030

SHA256
223280d95a13f1af6af06459bbf230874500c212a2e16f63914eff3f22e8b57a

SHA512
6b680aedde7e806802652aab9ab31cb21438bc8756b063955e6f03bbbdf1273f7d47c40ec1a19fe27537afeb8d6cc219a246d31f7c6822b481649fe296e2a45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
53932c19f3dd8b3325f4f2b239059bbb

SHA1
451c72aa743038f02e6fe2bcb70def26a604967f

SHA256
d51c40025ffaea3c5fbedc24327743b82655329e3c850665a94ef79e1625948e

SHA512
0d16ca804183fd9eac48dc168d18a034246cd55d730183bf6dcb344bc94f2f8725ce2af64c053e39bc840346ba3660f4a5c6bfe06bf5ebc803a1198c8476b485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb1214d38dbf6e2b178f5498c48af1d7

SHA1
37984ec8305d7ca7c18a62d8546a5ef8d0c850fa

SHA256
1e253ae73752b5ddafb2edd25fd9456cd5dbce69dce1d18c6975b45aef5cbcf6

SHA512
6497a931a287e2709887c6612f327441c233925ea12eaef9f4c334f4f5fb7f727b383f86f42ca5ad36f1a6d63d51949daa3be3b30a1011c9d2fc10c1b8773243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4dcb698e82fb9ad1da4b56ddc710ce38

SHA1
a85c5db0a914e3b07fe0e50e0a5e156c7a00ebb3

SHA256
89e2a75629c88a399cab2438d5990a8d1c20499a892652905a5fec5fd2f53df5

SHA512
ef6b4d25a100909bc552332ab09c1664eea5488e2f363a512d5bd92aaf729cb35c2cdad93e107efad51bd0d38199fe7d880a0ca1da16df83712945cd49eda3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23033f9cf31e88cd1173b72c8d7b0f20

SHA1
4b2e275fdd1ce83754d177845948f4cebcd4338b

SHA256
b42f93f904bc9217f442ccb7c0811ab25ed4a98d7395f40ed9c6d8ed0f044ca8

SHA512
3bbaed264b6c178b411ac3923d76f32e6f1a588a1cc4d5fada268ceb4e196b65939817c87fbbf11d6ea38a1961d85b69314486bcf4b3de42afe5622e80ec9517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ecf8ea6778a90c0af3feaf32e22885ff

SHA1
3f9463089ffc5154e1ff57afb8420e94ad0872f0

SHA256
048c9c3ac3009917bd2754310b5c09a8d9f80695d7c0b8afdbae4e940545583d

SHA512
90255f59744287e17dedcd4de6f9f4c9198d7a52ba5cc8c95558a0070ff996d8e5257b02ab333897c4367c57b44227a6d73e7d1133c74c398a2082594b0e9208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fcb614a85dc7301fac97b43f65569fc5

SHA1
e023489e7002c7081a82d91405ea7c3a5c64ba5f

SHA256
de5e6116546046d5605b42dcfcc7b3451c29dbde0b53554aeb5aef3ddd761892

SHA512
6a2a3f2bfe0cfef09149fa810108b58192d93907d795440427a86fc722a39ea80fb54a4278e429c21b9dfdb36e840ca31b25406f3bc3151ae8d0b5742e25e3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
085c0a39fa6ceada40e33b73db6686f6

SHA1
6a844c8f5c71efac72847b712c224c937af2c5b2

SHA256
a6b0fa91c2ec36dacb750da1f3ba70bbc86f21209bdef4fd8b053c8a85901482

SHA512
a063bc2e33caeb6e7f441c2daa603d5958426fe293a8cf8b6eb72aa959e26146e5677eb269d07bb7346c53f91ce2fbd8d6fcddd22e0544e7141f72123af3e53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddf8c6c6352ff47884ea16e1e68115f7

SHA1
6b89f00c404d8b3a350721ec212a65509ad301cc

SHA256
fda3e15a3a13660f385c2a2cfc554a2f90072898b678fefdbc0511eec964a946

SHA512
5ba98c974ae2c79b6a93b72167457f05cd80339f7fe6c5d2100ad398562e694d1d5771fecde1dc2bf18d777803ac621e84cd27a18023e49770d054779c627368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c88a91f199925b8ee183b9e8e605770d

SHA1
f54ae7e3206d55fbb5fd6fba93c74be12fe06011

SHA256
f989e2a7fef355064cd7af8f2b2ddca1d4b7f9d82b3bcd717d7579cd752ca31d

SHA512
3bbebc7d7e2e2e26a42a21a67f5f609b18f70cc7176c37653f59a727588f0d122712fabd9aa2129508e05f414c8aa25e0c9b0dbeb48c540764aa09c15f2a0f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b73f3a8fbd3e1fa0f1a564b0794cb100

SHA1
3c3d066fd04adbc9a299beeb33b5e505aca9cf0b

SHA256
edd6a4f38ad0753059e2f477606a18e62c8142822f6232dcdac43a2429ffb397

SHA512
65861ecaaf21351998106c468044c2309541ba82068826fb362a285471f7c7e3a6bb5fd99e49206105b4d637de9ba5e0551125b0dfc7a561959096d84f25a1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bad4.TMP

Filesize
874B

MD5
3cb6d1d576f6957a966873beedcc5fdb

SHA1
804d5b0869f42800ae0867b268ad85aa9efa453d

SHA256
7efc2f518444868b3c91502ff646b182022cc400df1de2e620a47087622a848b

SHA512
0acffee2d5b066a802194098ef261d82ea92b7aca751ef2fbc9cfeae935d9e975221b4bd3374e3d0f0036a3e2df1cd61b94c5f75f788c979502662a2b4902e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dacd51799e5d9f3be23fb6251eb57fab

SHA1
dc3bc8dcba1e29e4333fc22979dcc193bd5721d7

SHA256
deac1ce231af4c06daca8001f168154a6fb321dfac0e831fea3bc39fc8acc8e1

SHA512
f205f5a9410798d0f1133e6ab6357a855a2b12879943852706204c646c6fe379cb49496997fa5bc227b113a6e669820c82196de9e706d84fb80b237ef19d3c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c30f4a80c4c2c2297863f19f6a1830bc

SHA1
5f2f4b5d1919ab2f680738b4804177979d740afb

SHA256
97721fd58de03496bd9350e51ae57cd9cee2818ebfe0bfeb90964ba104b97432

SHA512
323dc280111a6ff9b691c4a3298d1a0641382cef8d55062d2d3296f5904e79ce8cd875c84f1f550560d8df5dd06c905df8f522481767ab967b521a1e79dd10c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
87055fbd32a8949d45282db253dece6b

SHA1
10f1c082709d5950ecc47054f7ad7edfa7ec6c52

SHA256
8100c6bbbed23790ecd741e9a9dacb6eefd8cbaa4485e7ebe960921a4d16b206

SHA512
df93629a01d59195de19d57325f807d9218d14c9a9a18b4e38ed98ae6f47f78b8a703334582dbdee17a355f708f1ef41a8ed461c22090e0b2d9079a458058b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0002.docx

Filesize
11KB

MD5
5bd2e2341bdeef10c5c19790f0d64968

SHA1
08f21917e711cb8c22057a3d0303ee331580b291

SHA256
089d4ceb6a7de4d5c909a21e8c142ae7abb02653836b6a9351770732d00003b6

SHA512
d75331f2622f9f17c3c524c8db5dd532ef48bab2f251dc658867502bd9755c5f2531b067ed256a820600983e9de851990f8afd6c7899b8e147232ebca61e9eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRD0004.docx

Filesize
11KB

MD5
644dedbf962de6b2e62101303865d882

SHA1
b14d8fca9b671f6b8c1c4815a512a68007cff6ff

SHA256
996ae5e6b6daf28e69bf333cb8783f4143a884c6a0d93c5f9403fc9e1a28a251

SHA512
38a096ecebc7871eead7abda8747742c4f51195145d36b961f4764c4294cc6a31b07bfecebf813ec57d1efb39e1c2c72d695e68edd52178185008b70dd3ef63c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
255B

MD5
c468ac2ea54e1aa7d9c427f41898aabe

SHA1
ec8b1503edb3f0f14168dadfb5899e948c73ff95

SHA256
3df63fca5a83d7cdd339bf1ea03b60a1db0795081cd669c17bdc399393554e28

SHA512
78b8d23deea8ef440a8c876eb471cbeffb546f37e2efa3cd53aeff18a6c1a612ca1cc1a5a59279e91e5dc78720b94a85adadbef7542c9d34559e9e544a976241

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

Filesize
31KB

MD5
18883ac2e013bbf3b3530d976b9ec123

SHA1
cf8ce61304e9d5a7bcfcb94d33fa9a71f875640b

SHA256
b739bf3a3b96da685b9ee893a0c2ddebec9bb1bd2b551b426741256dee54ca92

SHA512
83f755703c912c6748cba1204ef281ab95acd85a66de46a7847022379aad167832f950080f359e7e403aba9ff7a6ef4fe34ae87f6c90df49670484e109cc5674

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
4bc5f819e93aafeb7ef080493088b5f0

SHA1
deee1153286c0b22c1f3e4109f8d8991125146c9

SHA256
f81ff1c08b95822dad02d183f21da0f18f2c64e2befdcd9a3a658f7dc1821b44

SHA512
bdf10cdd37e1d8f4241f91d92091dcba7c413aa06d124195e93cc8eb4edc75b4b1b36cd57ae953ee75a53f2ed83bf3f386f1e6176f2fcb2aff1758cb5f31fdbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
ccd9eeb2b8dc252d7ffb2e8e896491f8

SHA1
f428ee5b67bbe47825989c0a161086d708f9d7db

SHA256
d904980beab4fc3316881401ebb47a454b4b0bc850baf6f5288a7d4456a35ec5

SHA512
8a3fac601804d0bd8987f325c0326dd30bfa91a3b4ad0b5708b075d43141f4faaef1d1e75011e0f7b91abf9c966dd7f70c77e08490ef22010e130ff267f760b5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
f4d3091df78bd56ba514867df9ab63f1

SHA1
c893be7e553497d34d17b30e6ee47e7b8d17f58b

SHA256
301cecccdc9e01ec8199c3f90cdfa144e2ffcc8f9e55a87d074b3d1058df9f9d

SHA512
659aaeebf1339ea7899fd686970e71b6d6ea37d1f6eaea3a8b7f5b60637e53575c791d4b809dfd4d126fd26afd953c624ea84e4db2aba46bc1da7d52551f30da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
930b7249e51bb6594c8303241a8121e3

SHA1
53899d3680edb2dc4d69ad8d68b0e99ed004a9d5

SHA256
b6267766fb560b52d8fc99f726a2eaaa5593e7fecc4f51cf993243008154dc3e

SHA512
f64ef4429f1b0ef0510716da260a988a99b44076bd4775b5fdcfbf7a9355aa4c75e5c0f564a25cfb900001dd1510ba7372f144cc1eccc1677ffb0ca80f197da8

Download Submit
C:\Users\Admin\Downloads\Melissa.doc

Filesize
40KB

MD5
4b68fdec8e89b3983ceb5190a2924003

SHA1
45588547dc335d87ea5768512b9f3fc72ffd84a3

SHA256
554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

SHA512
b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

Download Submit
C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
memory/3156-287-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-297-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-307-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-304-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-317-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-319-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-320-0x00007FFCF2DA0000-0x00007FFCF2E5D000-memory.dmp

Filesize
756KB

Download
memory/3156-303-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-321-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-300-0x00007FFCB13A0000-0x00007FFCB13B0000-memory.dmp

Filesize
64KB

Download
memory/3156-302-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-301-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-406-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-407-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-408-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-299-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-298-0x00007FFCB13A0000-0x00007FFCB13B0000-memory.dmp

Filesize
64KB

Download
memory/3156-305-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-296-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-295-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-294-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-293-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-562-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-563-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-564-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-565-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-566-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-567-0x00007FFCF2DA0000-0x00007FFCF2E5D000-memory.dmp

Filesize
756KB

Download
memory/3156-291-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-292-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-289-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download
memory/3156-290-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-288-0x00007FFCF3C60000-0x00007FFCF3E69000-memory.dmp

Filesize
2.0MB

Download
memory/3156-286-0x00007FFCB3CF0000-0x00007FFCB3D00000-memory.dmp

Filesize
64KB

Download